Shodan
Vulnerabilities
Vulnerable Software
Emqx:  >> Nanomq  Security Vulnerabilities
CVE-2025-59947
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription.
CVSS Score
8.5
EPSS Score
0.001
Published
2025-12-15
CVE-2024-42655
An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-07-29
CVE-2024-42651
NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-29
CVE-2024-42650
NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-15
CVE-2024-42649
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-14
CVE-2024-42646
A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-14
CVE-2024-42648
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-14
CVE-2024-44460
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.001
Published
2024-09-12
CVE-2024-31036
A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-04-22
CVE-2024-31040
Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams.
CVSS Score
2.7
EPSS Score
0.003
Published
2024-04-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved