VYPR
High severity7.5NVD Advisory· Published Apr 20, 2026· Updated Apr 22, 2026

CVE-2026-32135

CVE-2026-32135

Description

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the uri_param_parse function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys and values, allowing an attacker to write a null byte beyond the allocated buffer. This can be triggered via a crafted HTTP request. Version 0.24.11 patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • cpe:2.3:a:emqx:nanomq:*:*:*:*:*:*:*:*
    Range: <0.24.11

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.