Primary

Context

NanoMQ Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in NanoMQ version 0.22.7. This issue allows attackers to send a large number of crafted MQTT packets to the NanoMQ broker, causing the 'recv-q' queue to fill up rapidly. This accumulation leads to a deadlock, exhausting file descriptor resources and causing the broker to become unresponsive, unable to provide normal services.

Impact

Exploitation of this vulnerability leads to a deadlock in the NanoMQ broker, causing it to become unresponsive and unable to provide normal services. Additionally, the vulnerability causes file descriptor exhaustion, which can further disrupt the broker's functionality.

Reproduction

To reproduce this vulnerability, send a high volume of malicious MQTT packets to the NanoMQ broker. This can be done using an MQTT client or a custom script that targets the broker's MQTT endpoint. Monitor the 'recv-q' queue and the broker's response to observe the deadlock and service disruption.

Added: Jan 15, 2026, 8:25 PM

Updated: Jan 15, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

9.1

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

9.1

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NanoMQ Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

nanomq

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating