High severity 7.5 · NVD Advisory · Published Apr 20, 2026 · Updated Apr 22, 2026
CVE-2026-32135
Description
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the uri_param_parse function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys and values, allowing an attacker to write a null byte beyond the allocated buffer. This can be triggered via a crafted HTTP request. Version 0.24.11 patches the issue.
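The bug class described above, as an added C sketch that is not NanoMQ's source or the upstream patch: copying a query key or value of length n needs n + 1 bytes so the terminating NUL stays inside the allocation. `struct param`, `dup_span`, `free_params` and `parse_query` are hypothetical names, and any query string passed to it here is constructed sample input.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct param { char *key; char *val; };  /* hypothetical type, not NanoMQ's */

/* Copy n bytes of src into a fresh NUL-terminated heap string.
 * Bug class from the advisory: malloc(n) followed by dst[n] = '\0'
 * stores the terminator one byte past the allocation.
 * Hardened form: reserve n + 1 bytes and reject a length that would wrap. */
static char *dup_span(const char *src, size_t n)
{
    if (n == SIZE_MAX)
        return NULL;
    char *dst = malloc(n + 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, n);
    dst[n] = '\0';  /* in bounds: index n of an n + 1 byte buffer */
    return dst;
}

void free_params(struct param *p, size_t count)
{
    for (size_t i = 0; i < count; i++) { free(p[i].key); free(p[i].val); }
}

/* Split "k1=v1&k2=v2" into at most max pairs; returns the count or -1. */
int parse_query(const char *query, struct param *out, size_t max)
{
    size_t count = 0;
    for (const char *cur = query; *cur != '\0' && count < max;) {
        size_t seg = strcspn(cur, "&");          /* length of this pair */
        const char *eq = memchr(cur, '=', seg);
        size_t klen = eq ? (size_t)(eq - cur) : seg;
        size_t vlen = eq ? seg - klen - 1 : 0;   /* no '=' means empty value */
        if (seg > 0) {                           /* skip empty "&&" segments */
            out[count].key = dup_span(cur, klen);
            out[count].val = dup_span(cur + seg - vlen, vlen);
            if (!out[count].key || !out[count].val) {
                free_params(out, count + 1);
                return -1;
            }
            count++;
        }
        cur += seg + (cur[seg] == '&');          /* step over the separator */
    }
    return (int)count;
}
```

Building a parser like this with AddressSanitizer (`-fsanitize=address`) and feeding it empty keys, empty values and missing `=` separators is a quick way to confirm that no terminator write lands outside its buffer.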
References
- github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394 (NVD: Patch)
- github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599 (NVD: Exploit, Vendor Advisory)
- github.com/nanomq/nanomq/issues/2247 (NVD: Issue Tracking)