{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T08:21:23.720","vulnerabilities":[{"cve":{"id":"CVE-2026-22040","sourceIdentifier":"security-advisories@github.com","published":"2026-03-04T22:16:17.300","lastModified":"2026-03-18T16:09:07.133","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory corruption in the Broker process, causing it to exit immediately with SIGABRT due to free(): invalid pointer. As of time of publication, no known patched versions are available."},{"lang":"es","value":"NanoMQ MQTT Broker (NanoMQ) es una Plataforma de Mensajería de Borde integral. En la versión 0.24.6, al generar un patrón de tráfico combinado de publicaciones de alta frecuencia y reconexiones/expulsiones rápidas utilizando el mismo ClientID y una fluctuación masiva de suscripciones/desuscripciones, es posible activar de forma fiable la corrupción de memoria del heap en el proceso del Broker, haciendo que termine inmediatamente con SIGABRT debido a free(): puntero inválido. En el momento de la publicación, no hay versiones parcheadas conocidas disponibles."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emqx:nanomq:*:*:*:*:*:*:*:*","versionEndExcluding":"0.24.6","matchCriteriaId":"F998E900-76B1-4D92-B8AB-CD4EE23C2E3C"}]}]}],"references":[{"url":"https://github.com/nanomq/nanomq/security/advisories/GHSA-v57q-w88m-424r","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}