CVE-2026-34608

Source
https://cve.org/CVERecord?id=CVE-2026-34608
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34608.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-34608
Aliases
  • GHSA-8p57-jxj9-3qq3
Published
2026-04-02T17:52:51.813Z
Modified
2026-07-15T01:49:18.679447897Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
nanomq: Heap-Buffer-Overflow in webhook_inproc.c via cJSON_Parse OOB Read
Details

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhookinproc.c, the hookworkcb() function processes nng messages by parsing the message body with cJSONParse(body). The body is obtained from nngmsgbody(msg), which is a binary buffer without a guaranteed null terminator. This leads to an out-of-bounds read (OOB read) as cJSONParse reads until it finds a \0, potentially accessing memory beyond the allocated buffer (e.g., nngmsg metadata or adjacent heap/stack). The issue is often masked by nng's allocation padding (extra 32 bytes of zeros for non-power-of-two sizes <1024 or non-aligned). The overflow is reliably triggered when the JSON payload length is a power-of-two >=1024 (no padding added). This issue has been patched in version 0.24.10.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34608.json",
    "cwe_ids": [
        "CWE-125",
        "CWE-457"
    ]
}
References

Affected packages

Git / github.com/nanomq/nanomq

Affected ranges

Type
GIT
Repo
https://github.com/nanomq/nanomq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:emqx:nanomq:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.24.10"
        }
    ]
}

Affected versions

0.*
0.0.1
0.0.2
0.0.3
0.1.0
0.10.1
0.10.5
0.10.8
0.11.0
0.11.2
0.11.3
0.11.5
0.11.8
0.11.82
0.12.0
0.12.1
0.12.2
0.12.5
0.13.0
0.13.6
0.13.8
0.14.0
0.14.1
0.14.5
0.14.8
0.15.0
0.15.1
0.15.2
0.15.3
0.15.5
0.16.0
0.16.2
0.16.3
0.16.5
0.17.2
0.17.5
0.17.8
0.18.1
0.18.2
0.19.0
0.19.1
0.19.5
0.2.0
0.2.1
0.2.2
0.2.5
0.20.0
0.20.5
0.20.6
0.20.8
0.21
0.21.1
0.21.10
0.21.2
0.21.5
0.21.6
0.21.7
0.21.8
0.21.9
0.22.0
0.22.1
0.22.10
0.22.2
0.22.3
0.22.6
0.22.7
0.22.8
0.23.0
0.23.1
0.23.10
0.23.2
0.23.3
0.23.4
0.23.5
0.23.6
0.23.7
0.23.7-11
0.23.8
0.23.9
0.24.0
0.24.1
0.24.2
0.24.3
0.24.3-5
0.24.4
0.24.5
0.24.6
0.24.7
0.24.8
0.24.9
0.3.0
0.3.2
0.3.3
0.3.4
0.3.5
0.3.8
0.4.0
0.4.1
0.4.2
0.4.3
0.4.5
0.4.8
0.5.0
0.5.2
0.5.5
0.5.8
0.5.9
0.6.0
0.6.2
0.6.3
0.6.4
0.6.7rc
0.6.8
0.7.0
0.7.2
0.7.3
0.7.4
0.7.4rc
0.7.5
0.7.5rc
0.7.8
0.7.9
0.8.0
0.8.3
0.8.5
0.8.6log
0.9.0
0.9.2
0.9.5
0.9.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34608.json"