Out-of-Bounds Read in NanoMQ MQTT Broker
CVE-2026-34608
What is CVE-2026-34608?
NanoMQ MQTT Broker versions prior to 0.24.10 contain an out-of-bounds read in the hook_work_cb() function in webhook_inproc.c. This function processes messages from the nng library and parses the message body with cJSON_Parse. The body, retrieved with nng_msg_body(msg), is a binary buffer that may not end in a null terminator, while cJSON_Parse keeps reading until it finds a null character. The parser can therefore read memory outside the allocated buffer, potentially exposing heap or stack data. The issue becomes particularly apparent when the length of the JSON payload is a power of two and greater than or equal to 1024, because such a payload does not benefit from the padding provided by nng’s allocation mechanism. A fix has been implemented in version 0.24.10.
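A defensive sketch of the condition described above, added here as an example and not taken from NanoMQ, nng or cJSON: it builds a constructed 1024-byte JSON body with no terminator, checks that a NUL-scanning parser would find no stopping point inside it, and makes a length-bounded, terminated copy that is safe to pass to such a parser. The helper names (terminates_in_bounds, body_to_cstring, make_payload) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if a NUL-scanning parser would stop inside body[0..len), else 0. */
static int terminates_in_bounds(const void *body, size_t len)
{
    return memchr(body, '\0', len) != NULL;
}

/* Hypothetical helper: bounded, NUL-terminated copy of a binary body. Caller frees. */
static char *body_to_cstring(const void *body, size_t len)
{
    if (body == NULL || len == SIZE_MAX) return NULL; /* len + 1 would wrap */
    char *s = malloc(len + 1);
    if (s == NULL) return NULL;
    memcpy(s, body, len);
    s[len] = '\0'; /* terminator lives inside our own allocation */
    return s;
}

/* Constructed sample input: a JSON object of exactly len bytes, no terminator. */
static unsigned char *make_payload(size_t len)
{
    static const char head[] = "{\"topic\":\"t\",\"payload\":\"";
    static const char tail[] = "\"}";
    size_t hl = sizeof head - 1, tl = sizeof tail - 1;
    if (len < hl + tl) return NULL;
    unsigned char *p = malloc(len);
    if (p == NULL) return NULL;
    memcpy(p, head, hl);
    memset(p + hl, 'A', len - hl - tl); /* filler so the body fills the buffer */
    memcpy(p + len - tl, tail, tl);
    return p;
}

int main(void)
{
    size_t len = 1024; /* power of two and >= 1024, the case the advisory highlights */
    unsigned char *body = make_payload(len);
    char *safe = body_to_cstring(body, len);
    if (body == NULL || safe == NULL) { free(body); free(safe); return 1; }
    printf("terminator inside raw body: %d\n", terminates_in_bounds(body, len));
    printf("strlen of bounded copy:     %zu\n", strlen(safe));
    free(safe);
    free(body);
    return 0;
}
```

Where the cJSON version in use provides cJSON_ParseWithLength, passing the length from nng_msg_len(msg) bounds the parse without a copy; this is a general mitigation pattern, not a description of the change made in 0.24.10.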
Affected Version(s)
nanomq < 0.24.10
