CVE-2026-32696 in MQTT BrokerИнформация

Сводка (Английский)

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P (e.g., username="%u", password="%P"), the HTTP request construction phase enters auth_http.c:set_data(). This results in calling strlen() on a NULL pointer, causing a SIGSEGV crash. This crash can be triggered remotely, resulting in a denial of service. This issue has been patched in version 0.24.7.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Ответственный

GitHub_M

Резервировать

13.03.2026

Раскрытие

31.03.2026

Статус

Подтверждённый

Записи

VulDB provides additional information and datapoints for this CVE:

ИД	Уязвимость	CWE	Экс	Кон	CVE
354270	NanoMQ MQTT Broker set_data отказ в обслуживании	476	Не определено	Официальное исправление	CVE-2026-32696

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

Источники

◂ ПредыдущийОбзорДалее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!