CVE-2026-22040

Name of the Vulnerable Software and Affected Versions NanoMQ versions prior to 0.24.6

Description NanoMQ MQTT Broker, an Edge Messaging Platform, is susceptible to a heap memory corruption issue in version 0.24.6. This occurs when a specific traffic pattern is generated, combining high-frequency publishes with rapid reconnect/kick-out actions using the same ClientID and substantial subscribe/unsubscribe fluctuations. This pattern reliably triggers a crash in the Broker process, resulting in immediate termination via SIGABRT due to an invalid pointer error during a free() operation.

Recommendations Update NanoMQ to a version newer than 0.24.6. At the moment, there is no information about a newer version that contains a fix for this vulnerability.