CVE-2026-32135

Name of the Vulnerable Software and Affected Versions NanoMQ MQTT Broker versions prior to 0.24.11

Description A remotely triggerable heap buffer overflow exists in the uri param parse() function of the REST API. This issue is caused by an off-by-one error during memory allocation for query parameter keys and values, which allows an attacker to write a null byte beyond the allocated buffer via a crafted HTTP request.

Recommendations Update to version 0.24.11.