CVE-2026-32134

Source
https://cve.org/CVERecord?id=CVE-2026-32134
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32134.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32134
Aliases
  • GHSA-q36f-83mh-pcv2
Published
2026-05-19T17:22:13.431Z
Modified
2026-07-15T20:06:18.444009Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
NanoMQ: NULL Pointer Dereference Crash in tcptran_pipe_peer During Session Restore
Details

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0 clients. The transport's ppeer callback (tcptranpipepeer()) iterates cpipe->subinfol while copying session metadata from the cached old pipe to the new reconnecting pipe, without checking whether the pointer is NULL. Under a reconnect race, cpipe->subinfol can be freed and set to NULL before session restore invokes this function, resulting in a remote unauthenticated Denial-of-Service (process crash) condition. This issue has been fixed in version 0.24.11.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-476"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32134.json"
}
References

Affected packages

Git / github.com/nanomq/nanomq

Affected ranges

Type
GIT
Repo
https://github.com/nanomq/nanomq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}
Type
GIT
Repo
https://github.com/nanomq/nanonng
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.24.11"
        }
    ]
}

Affected versions

0.*
0.0.1
0.0.2
0.0.3
0.1.0
0.10.1
0.10.5
0.10.8
0.11.0
0.11.2
0.11.3
0.11.5
0.11.8
0.11.82
0.12.0
0.12.1
0.12.2
0.12.5
0.13
0.13.0
0.13.5
0.13.6
0.13.8
0.14.0
0.14.1
0.14.5
0.14.8
0.15.0
0.15.1
0.15.2
0.15.3
0.15.5
0.16.0
0.16.2
0.16.3
0.16.5
0.17.0
0.17.2
0.17.5
0.17.8
0.18.1
0.18.2
0.19.0
0.19.1
0.19.5
0.2.0
0.2.1
0.2.2
0.2.5
0.20.0
0.20.5
0.20.6
0.20.8
0.21
0.21.1
0.21.10
0.21.2
0.21.5
0.21.6
0.21.7
0.21.8
0.21.9
0.22.0
0.22.1
0.22.10
0.22.2
0.22.3
0.22.4
0.22.6
0.22.7
0.22.8
0.23.0
0.23.1
0.23.10
0.23.2
0.23.3
0.23.4
0.23.5
0.23.6
0.23.7
0.23.7-11
0.23.8
0.23.9
0.24.0
0.24.1
0.24.10
0.24.11
0.24.11-sdv
0.24.2
0.24.3
0.24.3-5
0.24.4
0.24.5
0.24.6
0.24.7
0.24.8
0.24.9
0.3.0
0.3.2
0.3.3
0.3.4
0.3.5
0.3.8
0.4.0
0.4.1
0.4.2
0.4.3
0.4.5
0.4.8
0.5.0
0.5.2
0.5.5
0.5.8
0.5.9
0.6.0
0.6.2
0.6.3
0.6.4
0.6.7rc
0.6.8
0.7.0
0.7.2
0.7.3
0.7.4
0.7.4rc
0.7.5
0.7.5rc
0.7.8
0.7.9
0.8.0
0.8.3
0.8.5
0.8.6log
0.9.0
0.9.2
0.9.5
0.9.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32134.json"
vanir_signatures
[
    {
        "id": "CVE-2026-32134-561521fc",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/nanomq/nanonng/commit/522ec62e29e60d1122f2aedaa6e702dcf089f7bb",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "180359922795876309976203668572873068190",
                "45691574311122879958817524065342053981",
                "159405900866248680086371035076931463742",
                "240762435158994077651166218649017100982",
                "236677275678260574708412570684930228455",
                "312863512122022797989787357053666054555",
                "174123553900327680901554955736186249968"
            ]
        },
        "target": {
            "file": "src/sp/transport/mqttws/nmq_websocket.c"
        }
    },
    {
        "id": "CVE-2026-32134-6b8e96dc",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394",
        "deprecated": false,
        "digest": {
            "function_hash": "9404688613459076675520313305819057131",
            "length": 400.0
        },
        "target": {
            "function": "URLDecoding",
            "file": "nanomq/rest_api.c"
        }
    },
    {
        "id": "CVE-2026-32134-7d7403d5",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/nanomq/nanonng/commit/522ec62e29e60d1122f2aedaa6e702dcf089f7bb",
        "deprecated": false,
        "digest": {
            "function_hash": "144153350689969700568933714407583495460",
            "length": 1345.0
        },
        "target": {
            "function": "tlstran_pipe_peer",
            "file": "src/sp/transport/mqtts/broker_tls.c"
        }
    },
    {
        "id": "CVE-2026-32134-845bbb84",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "314939031063357473425211000091759825555",
                "79922476334093433481878188188230999595",
                "115263727495026806456280480745001946541",
                "335218920824431505626218604016560156406",
                "109158426613458411923007034979039306216",
                "263681326533205234187064883824333311768",
                "139441057993715914564204102246260204056",
                "163275836091019848639868326419883599422",
                "232121921634077527089748850232063524540",
                "137394070370141786835294877511344983945",
                "309685692115858805372826425817723344625",
                "180388931056228509517262893763708737544",
                "253428475422003770740128093206280066637",
                "83550170779872102422996397850477648840",
                "157313739316912141087249248541460484873",
                "125769424802170566273063628751569605473",
                "168414094773912658563452953649189013304",
                "332362556983238829505363368071561531910",
                "139080809027202171145826152883316190111",
                "74558128130252978070217973971791797169",
                "57183551417306817156709030268492486682",
                "188941984843814473912361960001297154924",
                "34506272294443398337174980782299368690",
                "293093021700596718330870323291220891427",
                "218751175568408722690396640046618194911",
                "264659906953652634920202064776704951932",
                "183224120377393872789845349723215242491",
                "192835487626449624614785956582916206428",
                "151761993079419734514314841474824734052",
                "209483360540906363404199890844243360425",
                "259839083518275882442824479080929806326",
                "165164928652970171162734450120824360205",
                "342063255244962909075184816900792588",
                "250741181287203539435992289254546992053",
                "240888907075867659452765873170276375840"
            ]
        },
        "target": {
            "file": "nanomq/rest_api.c"
        }
    },
    {
        "id": "CVE-2026-32134-877ec63c",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/nanomq/nanonng/commit/522ec62e29e60d1122f2aedaa6e702dcf089f7bb",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "256232385624735259090518377375737112227",
                "316465675479941423688724540639015627202",
                "159405900866248680086371035076931463742",
                "240762435158994077651166218649017100982",
                "236677275678260574708412570684930228455",
                "312863512122022797989787357053666054555",
                "174123553900327680901554955736186249968"
            ]
        },
        "target": {
            "file": "src/sp/transport/mqtts/broker_tls.c"
        }
    },
    {
        "id": "CVE-2026-32134-88763801",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/nanomq/nanonng/commit/522ec62e29e60d1122f2aedaa6e702dcf089f7bb",
        "deprecated": false,
        "digest": {
            "function_hash": "144153350689969700568933714407583495460",
            "length": 1345.0
        },
        "target": {
            "function": "tcptran_pipe_peer",
            "file": "src/sp/transport/mqtt/broker_tcp.c"
        }
    },
    {
        "id": "CVE-2026-32134-8e485b5d",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/nanomq/nanonng/commit/522ec62e29e60d1122f2aedaa6e702dcf089f7bb",
        "deprecated": false,
        "digest": {
            "function_hash": "293477401416401812591338456530771573354",
            "length": 1377.0
        },
        "target": {
            "function": "wstran_pipe_peer",
            "file": "src/sp/transport/mqttws/nmq_websocket.c"
        }
    },
    {
        "id": "CVE-2026-32134-dc67de60",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394",
        "deprecated": false,
        "digest": {
            "function_hash": "5795522914121648582782519407379809587",
            "length": 8677.0
        },
        "target": {
            "function": "process_request",
            "file": "nanomq/rest_api.c"
        }
    },
    {
        "id": "CVE-2026-32134-df61678f",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/nanomq/nanonng/commit/522ec62e29e60d1122f2aedaa6e702dcf089f7bb",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "256232385624735259090518377375737112227",
                "316465675479941423688724540639015627202",
                "159405900866248680086371035076931463742",
                "240762435158994077651166218649017100982",
                "236677275678260574708412570684930228455",
                "312863512122022797989787357053666054555",
                "174123553900327680901554955736186249968"
            ]
        },
        "target": {
            "file": "src/sp/transport/mqtt/broker_tcp.c"
        }
    }
]
vanir_signatures_modified
"2026-07-15T20:06:18Z"