{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32135", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T22:19:36.546Z", "datePublished": "2026-04-20T19:23:09.704Z", "dateUpdated": "2026-04-21T13:33:14.607Z"}, "containers": {"cna": {"title": "NanoMQ has Heap Buffer Overflow in URI Parameter Parsing", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599"}, {"name": "https://github.com/nanomq/nanomq/issues/2247", "tags": ["x_refsource_MISC"], "url": "https://github.com/nanomq/nanomq/issues/2247"}, {"name": "https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394", "tags": ["x_refsource_MISC"], "url": "https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394"}], "affected": [{"vendor": "nanomq", "product": "nanomq", "versions": [{"version": "< 0.24.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-20T19:23:09.704Z"}, "descriptions": [{"lang": "en", "value": "NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys and values, allowing an attacker to write a null byte beyond the allocated buffer. This can be triggered via a crafted HTTP request. Version 0.24.11 patches the issue."}], "source": {"advisory": "GHSA-6w96-9qw7-m599", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T13:32:34.532703Z", "id": "CVE-2026-32135", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:33:14.607Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32135", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T13:32:34.532703Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:32:51.624Z"}}], "cna": {"title": "NanoMQ has Heap Buffer Overflow in URI Parameter Parsing", "source": {"advisory": "GHSA-6w96-9qw7-m599", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "nanomq", "product": "nanomq", "versions": [{"status": "affected", "version": "< 0.24.11"}]}], "references": [{"url": "https://github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599", "name": "https://github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nanomq/nanomq/issues/2247", "name": "https://github.com/nanomq/nanomq/issues/2247", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394", "name": "https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys and values, allowing an attacker to write a null byte beyond the allocated buffer. This can be triggered via a crafted HTTP request. Version 0.24.11 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-20T19:23:09.704Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32135", "state": "PUBLISHED", "dateUpdated": "2026-04-21T13:33:14.607Z", "dateReserved": "2026-03-10T22:19:36.546Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-20T19:23:09.704Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys and values, allowing an attacker to write a null byte beyond the allocated buffer. This can be triggered via a crafted HTTP request. Version 0.24.11 patches the issue."}], "id": "CVE-2026-32135", "lastModified": "2026-04-21T16:20:24.180", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-20T20:16:48.510", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394"}, {"source": "security-advisories@github.com", "url": "https://github.com/nanomq/nanomq/issues/2247"}, {"source": "security-advisories@github.com", "url": "https://github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.24.11)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "nanomq", "source": "cna", "vendor": "nanomq"}, "product": "nanomq", "vendor": "nanomq"}], "analysis": {"en": {"generated_at": "2026-04-21T15:44:37.855330+00:00", "value": {"mitigation_remediation": ["Upgrade NanoMQ to version 0.24.11 or later, which contains a patch for the buffer overflow bug.", "If upgrading cannot be performed immediately, restrict access to the broker\u2019s REST API by limiting inbound traffic to trusted hosts or applying firewall rules that block untrusted sources.", "Monitor HTTP traffic to the REST endpoint for anomalous requests and review security advisories for newer vulnerabilities or patches."], "summary": {"action": "Apply Patch", "impact": "Heap Buffer Overflow via REST API"}, "threat_synthesis": {"affected_systems": "Any instance of NanoMQ with a version earlier than 0.24.11 is affected. The vulnerability resides in the REST API of the broker, as identified by the nanomq:nanomq vendor and product name.", "description_and_impact": "NanoMQ MQTT Broker contains a heap buffer overflow in the uri_param_parse function of its REST API. The bug is caused by an off\u2011by\u2011one error when allocating memory for query parameter keys and values. A crafted HTTP request can trigger the overflow and overwrite a null byte beyond the allocated buffer, potentially corrupting memory and affecting the stability of the broker.", "risk_and_exploitability": "The CVSS score of 7.7 indicates high severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV. The flaw can be triggered via a crafted HTTP request to the REST endpoint; no authentication requirement is mentioned in the description. The remote triggerability combined with the high severity suggests that exploitation could have significant impact if successful."}}}}, "created": "2026-04-20T21:00:12.633864+00:00", "updated": "2026-04-21T15:45:07.487960+00:00", "vendors": ["nanomq", "nanomq$PRODUCT$nanomq"]}