CVE-2026-21888

Name of the Vulnerable Software and Affected Versions NanoMQ versions prior to 0.24.6

Description NanoMQ MQTT Broker is an all-around Edge Messaging Platform. A flaw exists in the parsing of MQTT v5 Variable Byte Integers where the get var integer() function does not perform sufficient bounds checking when accepting 5-byte varints. This can reliably cause an out-of-bounds read and subsequent crash when the software is compiled with AddressSanitizer (ASan).

Recommendations Update to a version newer than 0.24.6.