NanoMQ MQTT Broker WebSocket Denial-of-Service Vulnerability via Malformed Remaining Length

Vulnerability

A denial-of-service vulnerability has been identified in NanoMQ MQTT Broker versions prior to 0.24.8. The issue is in the MQTT-over-WebSocket transport: an attacker can crash the broker by sending a packet whose header declares a large Remaining Length while the packet carries a shorter payload. The broker trusts the declared length, which leads to an out-of-bounds read and a process crash. The vulnerability can be exploited remotely through the WebSocket listener.

Impact

Exploitation of this vulnerability leads to a process crash, causing a denial-of-service condition on the WebSocket MQTT listener.

Reproduction

The vulnerability can be reproduced by sending a malformed PUBLISH packet over a WebSocket connection after establishing a valid MQTT CONNECT. The PUBLISH packet declares a Remaining Length of 4096 bytes but includes only 3 bytes of actual payload, creating the out-of-bounds condition.
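The length mismatch described above can be caught by bounding the declared Remaining Length against the bytes actually received before the packet body is read. The following is an added example, not NanoMQ's code or its actual fix; the function, enum and sample names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example; names are hypothetical, not NanoMQ's code or its fix. */
enum mqtt_len_status {
    MQTT_LEN_OK = 0,     /* whole packet is present in the buffer */
    MQTT_LEN_TRUNCATED,  /* header declares more bytes than were received */
    MQTT_LEN_MALFORMED   /* Remaining Length field itself is invalid */
};

/* Validate one MQTT packet in buf[0..len). On MQTT_LEN_OK, *body_off and
 * *body_len describe a body that is proven to lie inside the buffer. */
enum mqtt_len_status
mqtt_check_remaining_length(const uint8_t *buf, size_t len,
                            size_t *body_off, size_t *body_len)
{
    size_t   pos = 1;   /* byte 0 is packet type and flags */
    uint32_t value = 0;
    unsigned shift = 0;
    if (buf == NULL || len < 2)
        return MQTT_LEN_TRUNCATED;
    for (;;) {
        if (pos >= len)
            return MQTT_LEN_TRUNCATED;  /* length field itself is cut off */
        uint8_t b = buf[pos++];
        value |= (uint32_t)(b & 0x7F) << shift;
        if ((b & 0x80) == 0)
            break;
        shift += 7;
        if (shift > 21)
            return MQTT_LEN_MALFORMED;  /* more than 4 length bytes */
    }
    /* Bound by bytes actually received, never by the declared size. */
    if ((size_t)value > len - pos)
        return MQTT_LEN_TRUNCATED;
    *body_off = pos;
    *body_len = value;
    return MQTT_LEN_OK;
}

/* Constructed sample: PUBLISH declaring 4096 bytes (0x80 0x20), 3 present. */
static const uint8_t sample_short_publish[] = {0x30, 0x80, 0x20, 0x00, 0x01, 0x74};

int main(void)
{
    size_t off, n;
    return mqtt_check_remaining_length(sample_short_publish,
               sizeof sample_short_publish, &off, &n) == MQTT_LEN_TRUNCATED ? 0 : 1;
}
```

A caller that receives `MQTT_LEN_TRUNCATED` should wait for more data or close the connection, and must not read the body using the declared length.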

Remediation

Users can upgrade to NanoMQ version 0.24.8 or later to address this vulnerability.

Added: Mar 30, 2026, 9:45 PM
Updated: Mar 30, 2026, 9:45 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 4.9
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.