CVE-2026-32134

Name of the Vulnerable Software and Affected Versions NanoMQ versions prior to 0.24.11

Description A NULL pointer dereference can occur when the broker handles high-concurrency reconnect traffic using a reconnect-collision payload during MQTT session resumption for clients with clean start=0. The tcptran pipe peer() function iterates cpipe->subinfol while copying session metadata from a cached old pipe to a new reconnecting pipe without verifying if the pointer is NULL. In a reconnect race condition, cpipe->subinfol may be freed and set to NULL before session restore, leading to a remote unauthenticated Denial-of-Service through a process crash.

Recommendations Update to version 0.24.11.