CVE-2026-21888
📋 TL;DR
CVE-2026-21888 is an out-of-bounds read vulnerability in NanoMQ MQTT Broker's MQTT v5 Variable Byte Integer parsing function. This allows attackers to trigger crashes or potentially read sensitive memory when sending specially crafted MQTT packets. All NanoMQ deployments running version 0.24.6 or earlier are affected.
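The defensive property the fix restores is that decoding a Variable Byte Integer must never follow a continuation bit past the end of the received buffer and must stop at the four-byte cap the MQTT 5.0 specification imposes. The decoder below is an added illustration in C, not NanoMQ's code; function names and the sample packets are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* MQTT Variable Byte Integer (MQTT 5.0, section 1.5.5): 1 to 4 bytes, 7 data bits each, bit 7 set means "another byte follows". */
typedef enum { VBI_OK, VBI_TRUNCATED, VBI_MALFORMED } vbi_status;

/* Decode a VBI starting at buf without ever reading past buf + len.
 * On VBI_OK, *value holds the integer and *consumed how many bytes it used. */
vbi_status vbi_decode(const uint8_t *buf, size_t len, uint32_t *value, size_t *consumed)
{
    uint32_t multiplier = 1, result = 0;
    size_t i = 0;
    for (;;) {
        if (i >= 4)   return VBI_MALFORMED; /* spec caps the encoding at 4 bytes */
        if (i >= len) return VBI_TRUNCATED; /* continuation bit set, no byte left to read */
        uint8_t b = buf[i++];
        result += (uint32_t)(b & 0x7F) * multiplier;
        if ((b & 0x80) == 0) break;
        multiplier *= 128;
    }
    *value = result;
    *consumed = i;
    return VBI_OK;
}

/* Parse an MQTT fixed header (control byte + Remaining Length VBI) and
 * accept it only if the whole declared body is already in the buffer. */
vbi_status parse_fixed_header(const uint8_t *buf, size_t len, uint8_t *type,
                              uint32_t *remaining, size_t *header_len)
{
    if (len < 2) return VBI_TRUNCATED;
    size_t used;
    vbi_status st = vbi_decode(buf + 1, len - 1, remaining, &used);
    if (st != VBI_OK) return st;
    *type = buf[0] >> 4;
    *header_len = 1 + used;
    if (*remaining > len - *header_len) return VBI_TRUNCATED; /* body not fully received */
    return VBI_OK;
}

int main(void)
{
    /* Constructed sample: a control byte, then two continuation bytes and nothing else. */
    const uint8_t crafted[] = { 0x10, 0x80, 0x80 };
    uint8_t type; uint32_t rem; size_t hdr;
    vbi_status st = parse_fixed_header(crafted, sizeof crafted, &type, &rem, &hdr);
    printf("crafted header %s\n", st == VBI_OK ? "accepted" : "rejected");
    return st == VBI_OK;
}
```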
💻 Affected Systems
- NanoMQ MQTT Broker
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution through memory corruption leading to complete system compromise, though this requires specific memory layout conditions.
Likely Case
Denial of service through broker crash, potentially disrupting MQTT messaging services and connected IoT/edge devices.
If Mitigated
Limited impact with proper network segmentation and crash recovery mechanisms in place.
🎯 Exploit Status
Exploit requires sending malformed MQTT v5 packets; public GitHub issue demonstrates crash trigger.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.24.7 or later
Vendor Advisory: https://github.com/nanomq/nanomq/security/advisories/GHSA-cggc-6m7w-j7x5
Restart Required: Yes
Instructions:
1. Download NanoMQ 0.24.7+ from the official repository.
2. Stop the running NanoMQ service.
3. Replace the binary with the patched version.
4. Restart the NanoMQ service.
🔧 Temporary Workarounds
Network Filtering
Block or filter MQTT v5 traffic at the network perimeter to prevent exploitation.
Protocol Restriction
Configure NanoMQ to only accept MQTT v3.1/v3.1.1 connections if v5 is not required.
# In nanomq.conf: mqtt.v5.enable = false
🧯 If You Can't Patch
- Implement strict network segmentation to isolate NanoMQ instances from untrusted networks.
- Deploy intrusion detection/prevention systems to monitor for malformed MQTT packets.
🔍 How to Verify
Check if Vulnerable:
Check the NanoMQ version; if it is 0.24.6 or earlier, the system is vulnerable.
Check Version:
nanomq --version
Verify Fix Applied:
Verify version is 0.24.7 or later and test with MQTT v5 connections.
📡 Detection & Monitoring
Log Indicators:
- Unexpected NanoMQ crashes
- ASan error messages in logs
- Malformed packet warnings
Network Indicators:
- Unusual MQTT v5 packets with large variable byte integers
- Connection attempts followed by service termination
SIEM Query:
source="nanomq.log" AND ("crash" OR "segmentation fault" OR "asan")