CNNVD-202601-028 Information

CNNVD ID

CNNVD-202601-028

Related CVE

CVE-2025-66023

• CNNVD Published: 2026-01-01

Description (Chinese)

NanoMQ是美国EMQ开源的一款用于物联网边缘平台的轻量级快速 MQTT Broker。 NanoMQ 0.24.5之前版本存在资源管理错误漏洞，该漏洞源于MQTT桥接客户端组件存在堆释放后重用，可能导致服务崩溃或内存损坏。

Description (English)

NanoMQ is a lightweight fast MQTT Broker for the EEMQ open source in the United States of America. The previous version of NanoMQ 0.24.5 had a resource management error loophole, which stemmed from the re-use of the MQTT bridge client component after its release, which could lead to service collapse or memory damage.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

EMQ

Published

2026-01-01

Last Modified

2026-02-24

References

https://github.com/nanomq/NanoNNG/pull/1365 https://github.com/nanomq/nanomq/issues/2145 https://github.com/nanomq/nanomq/security/advisories/GHSA-24f7-q5hh-27hf

Patch

https://github.com/nanomq/nanomq/releases