CVE-2026-44640

4.5 MEDIUM

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform

Published: 2026-05-29 · Last updated: 2026-05-29

Severity and scoring

CVSS: 4.5 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
CWE: CWE-843

Description

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_quic_conn* during dialing, but read as ex_quic_conn* during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This vulnerability is fixed in 0.24.14.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-8358 — LibreOffice Calc can import tracked changes from a spreadsheet document
CVE-2026-6047 — LibreOffice can import documents in the OOXML format (DOCX)
CVE-2026-45641 — Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally (8.4 HIGH)
CVE-2026-45635 — Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network (8.1 HIGH)
CVE-2026-45600 — Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate pri... (7.8 HIGH)