Denial-of-Service Vulnerability in NanoMQ MQTT Broker
CVE-2026-32134

5.9 MEDIUM

Key Information:

Vendor:
NanoMQ

CVE Published:
19 May 2026

What is CVE-2026-32134?

In NanoMQ MQTT Broker versions 0.24.10 and earlier, a remote unauthenticated Denial-of-Service condition can be triggered under high-concurrency reconnect traffic carrying a reconnect-collision payload. The root cause is a NULL pointer dereference during MQTT session resumption for clients that connect with clean_start=0: while restoring the session, the broker copies session metadata from the previously cached connection pipe to the new one without first checking that the cached pointer is still valid. If a reconnection event causes that connection information to be freed before the session restore runs, the broker dereferences a NULL pointer and crashes, resulting in service downtime. The issue is fixed in NanoMQ MQTT Broker version 0.24.11.
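The failure mode described above, as an added illustrative example that is not NanoMQ's code (every type and function name here is hypothetical): an unchecked copy of session metadata from a cached pipe, beside a checked version that falls back to a clean session when the cached connection has already been released.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical session metadata carried across a reconnect. */
typedef struct {
    char client_id[32];
    int  session_present;   /* 1 if an old session was resumed, else 0 */
} session_meta;

/* Hypothetical connection pipe. The broker keeps the previous client's
 * pipe cached; it may already be freed (NULL here) when the restore runs. */
typedef struct {
    session_meta meta;
} conn_pipe;

/* Vulnerable pattern: trusts that the cached pipe is still alive and
 * dereferences it unconditionally. With cached == NULL this crashes the
 * whole broker, which is the DoS the advisory describes. */
int restore_session_unchecked(conn_pipe *new_pipe, const conn_pipe *cached) {
    new_pipe->meta = cached->meta;      /* NULL dereference on a collision */
    return 1;
}

/* Hardened pattern: validate the pointer first. If the cached connection
 * is gone, start the client with an empty session (session_present = 0),
 * which is a legal MQTT response to clean_start=0. Returns 1 when the old
 * session was resumed, 0 when a clean session was issued, -1 on bad input. */
int restore_session_checked(conn_pipe *new_pipe, const conn_pipe *cached) {
    if (new_pipe == NULL) return -1;
    if (cached == NULL) {
        memset(&new_pipe->meta, 0, sizeof new_pipe->meta);
        return 0;
    }
    new_pipe->meta = cached->meta;
    new_pipe->meta.session_present = 1;
    return 1;
}

/* Simulates the race: the cached pipe is released before the restore for
 * the new pipe runs. Constructed scenario; returns the restore result. */
int simulate_collision(void) {
    conn_pipe *cached = calloc(1, sizeof *cached);
    strcpy(cached->meta.client_id, "sensor-42");   /* constructed client id */
    free(cached);
    cached = NULL;                  /* connection info freed before restore */
    conn_pipe fresh = {0};
    return restore_session_checked(&fresh, cached);   /* 0: survives, clean session */
}
```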

Affected Version(s)

nanomq < 0.24.11

NanoNNG < 0.24.11

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved