Description

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys and values, allowing an attacker to write a null byte beyond the allocated buffer. This can be triggered via a crafted HTTP request. Version 0.24.11 patches the issue.

INFO

Published Date :

2026-04-20T19:23:09.704Z

Last Modified :

2026-04-21T13:33:14.607Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32135 vulnerability.

Vendors Products
Emqx
  • Nanomq
Nanomq
  • Nanomq
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32135.

URL Resource
https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394 cve-icon cve-icon
https://github.com/nanomq/nanomq/issues/2247 cve-icon cve-icon
https://github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact