Every CVE whose affected-product data names Emqx Nanomq, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2025-59947 — CVSS 9.0 (critical): NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger…
CVE-2024-42655 — CVSS 8.8 (high): An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages…
CVE-2023-34488 — CVSS 7.8 (high): NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.
CVE-2023-33657 — CVSS 7.5 (high): A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_…
CVE-2023-33658 — CVSS 7.5 (high): A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function…
CVE-2023-33659 — CVSS 7.5 (high): A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function…
CVE-2023-33660 — CVSS 7.5 (high): A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the…
CVE-2023-34494 — CVSS 7.5 (high): NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.
CVE-2024-31041 — CVSS 7.5 (high): Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of…
CVE-2024-42646 — CVSS 7.5 (high): A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.
CVE-2023-29996 — CVSS 7.5 (high): In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode.
CVE-2024-42650 — CVSS 7.5 (high): NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers…
CVE-2024-42651 — CVSS 7.5 (high): NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows…
CVE-2025-59946 — CVSS 7.5 (high): NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info…
CVE-2026-32135 — CVSS 7.5 (high): NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer…
CVE-2024-48077 — CVSS 7.5 (high): NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the…
CVE-2024-31036 — CVSS 6.8 (medium): A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via…
CVE-2024-42649 — CVSS 6.5 (medium): NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH…
CVE-2024-42648 — CVSS 6.5 (medium): NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT…
CVE-2025-68699 — CVSS 6.5 (medium): NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding…
CVE-2026-25627 — CVSS 6.5 (medium): NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can…
CVE-2023-33656 — CVSS 5.5 (medium): A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this…
CVE-2026-22040 — CVSS 5.3 (medium): NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of…
CVE-2026-34608 — CVSS 4.9 (medium): NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the…
CVE-2025-66023 — CVSS 4.9 (medium): NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF)…
CVE-2026-32696 — CVSS 3.1 (low): NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP…
CVE-2024-31040 — CVSS 2.7 (low): Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial…