Nixpkgs security tracker

Untriaged

Permalink CVE-2026-22040

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 month, 1 week ago

NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory corruption in the Broker process, causing it to exit immediately with SIGABRT due to free(): invalid pointer. As of time of publication, no known patched versions are available.

References

https://github.com/nanomq/nanomq/security/advisories/GHSA-v57q-w88m-424r x_refsource_CONFIRM

Affected products

nanomq

=== 0.24.6

Matching in nixpkgs

pkgs.nanomq

Ultra-lightweight and blazing-fast MQTT broker for IoT edge

nixos-unstable 0.24.5
- nixpkgs-unstable 0.24.5
- nixos-unstable-small 0.24.5
nixos-25.11 0.24.5
- nixos-25.11-small 0.24.5
- nixpkgs-25.11-darwin 0.24.5

Package maintainers

@sikmir Nikolay Korotkiy <sikmir@disroot.org>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.nanomq

Package maintainers