{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32696", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T14:33:42.822Z", "datePublished": "2026-03-30T20:11:30.580Z", "dateUpdated": "2026-03-31T15:24:06.506Z"}, "containers": {"cna": {"title": "NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash \u2014 SIGSEGV, remotely triggerable", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/nanomq/nanomq/security/advisories/GHSA-77f4-wvq8-mp3p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nanomq/nanomq/security/advisories/GHSA-77f4-wvq8-mp3p"}, {"name": "https://github.com/nanomq/NanoNNG/pull/1394", "tags": ["x_refsource_MISC"], "url": "https://github.com/nanomq/NanoNNG/pull/1394"}, {"name": "https://github.com/nanomq/NanoNNG/commit/c20aa27e5290bb480a5315099952480d35f37a8b", "tags": ["x_refsource_MISC"], "url": "https://github.com/nanomq/NanoNNG/commit/c20aa27e5290bb480a5315099952480d35f37a8b"}, {"name": "https://github.com/nanomq/nanomq/releases/tag/0.24.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/nanomq/nanomq/releases/tag/0.24.7"}], "affected": [{"vendor": "nanomq", "product": "nanomq", "versions": [{"version": ">= 0.24.6, < 0.24.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T20:11:30.580Z"}, "descriptions": [{"lang": "en", "value": "NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P (e.g., username=\"%u\", password=\"%P\"), the HTTP request construction phase enters auth_http.c:set_data(). This results in calling strlen() on a NULL pointer, causing a SIGSEGV crash. This crash can be triggered remotely, resulting in a denial of service. This issue has been patched in version 0.24.7."}], "source": {"advisory": "GHSA-77f4-wvq8-mp3p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T15:23:56.365413Z", "id": "CVE-2026-32696", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T15:24:06.506Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32696", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T15:23:56.365413Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T15:24:01.754Z"}}], "cna": {"title": "NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash \u2014 SIGSEGV, remotely triggerable", "source": {"advisory": "GHSA-77f4-wvq8-mp3p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "nanomq", "product": "nanomq", "versions": [{"status": "affected", "version": ">= 0.24.6, < 0.24.7"}]}], "references": [{"url": "https://github.com/nanomq/nanomq/security/advisories/GHSA-77f4-wvq8-mp3p", "name": "https://github.com/nanomq/nanomq/security/advisories/GHSA-77f4-wvq8-mp3p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nanomq/NanoNNG/pull/1394", "name": "https://github.com/nanomq/NanoNNG/pull/1394", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nanomq/NanoNNG/commit/c20aa27e5290bb480a5315099952480d35f37a8b", "name": "https://github.com/nanomq/NanoNNG/commit/c20aa27e5290bb480a5315099952480d35f37a8b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nanomq/nanomq/releases/tag/0.24.7", "name": "https://github.com/nanomq/nanomq/releases/tag/0.24.7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P (e.g., username=\"%u\", password=\"%P\"), the HTTP request construction phase enters auth_http.c:set_data(). This results in calling strlen() on a NULL pointer, causing a SIGSEGV crash. This crash can be triggered remotely, resulting in a denial of service. This issue has been patched in version 0.24.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T20:11:30.580Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32696", "state": "PUBLISHED", "dateUpdated": "2026-03-31T15:24:06.506Z", "dateReserved": "2026-03-13T14:33:42.822Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-30T20:11:30.580Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emqx:nanomq:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EB20A7D-1CAC-4435-809D-E28F44298077", "versionEndExcluding": "0.24.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P (e.g., username=\"%u\", password=\"%P\"), the HTTP request construction phase enters auth_http.c:set_data(). This results in calling strlen() on a NULL pointer, causing a SIGSEGV crash. This crash can be triggered remotely, resulting in a denial of service. This issue has been patched in version 0.24.7."}, {"lang": "es", "value": "NanoMQ MQTT Broker (NanoMQ) es una plataforma de mensajer\u00eda Edge integral. En la versi\u00f3n 0.24.6 de NanoMQ, despu\u00e9s de habilitar auth.http_auth (autenticaci\u00f3n HTTP), cuando un cliente se conecta al broker usando MQTT CONNECT sin proporcionar nombre de usuario/contrase\u00f1a, y los par\u00e1metros de configuraci\u00f3n usan los marcadores de posici\u00f3n %u / %P (por ejemplo, username='%u', password='%P'), la fase de construcci\u00f3n de la solicitud HTTP entra en auth_http.c:set_data(). Esto resulta en la llamada a strlen() sobre un puntero NULL, causando un fallo SIGSEGV. Este fallo puede ser activado remotamente, resultando en una denegaci\u00f3n de servicio. Este problema ha sido parcheado en la versi\u00f3n 0.24.7."}], "id": "CVE-2026-32696", "lastModified": "2026-04-13T14:07:31.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-30T21:17:09.603", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nanomq/NanoNNG/commit/c20aa27e5290bb480a5315099952480d35f37a8b"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/nanomq/NanoNNG/pull/1394"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/nanomq/nanomq/releases/tag/0.24.7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nanomq/nanomq/security/advisories/GHSA-77f4-wvq8-mp3p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.24.6,0.24.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "nanomq", "source": "cna", "vendor": "nanomq"}, "product": "nanomq", "vendor": "nanomq"}], "analysis": {"en": {"generated_at": "2026-04-13T16:09:53.904443+00:00", "value": {"mitigation_remediation": ["Update NanoMQ to version 0.24.7 or later", "If an upgrade cannot be performed immediately, disable auth.http_auth or replace placeholder credentials (%u and %P) with real values in the configuration", "Verify that the broker is restarted after applying the update or configuration changes"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is NanoMQ, a lightweight MQTT broker designed for edge environments. Vulnerable releases include version 0.24.6; the issue was fixed in 0.24.7.", "description_and_impact": "NanoMQ MQTT Broker version 0.24.6 contains a Null Pointer Dereference in auth_http.c:set_data() that is triggered when HTTP authentication is enabled and a client connects without providing a username or password. The bug causes a strlen() call on a NULL pointer, leading to a crash (SIGSEGV). This results in a denial of service against the broker process.", "risk_and_exploitability": "The CVSS v3 score of 3.1 indicates low overall severity, but the impact is a service disruption that can be triggered remotely by any client connecting to the broker with auth.http_auth enabled and using placeholder values (%u and %P). EPSS suggests the likelihood of exploitation is under 1%, and the vulnerability is not listed in CISA\u2019s KEV catalog. Despite the low probability, the remote triggerability means that an attacker can perform repeated connections to crash the broker, potentially disrupting downstream applications."}}}}, "created": "2026-03-31T20:00:00.120541+00:00", "updated": "2026-04-14T16:42:33.561570+00:00", "vendors": ["nanomq", "nanomq$PRODUCT$nanomq"]}