NULL pointer dereference in NanoMQ - CVE-2026-47275
Published: June 29, 2026
NanoMQ
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to a null pointer dereference in nni_mqttv5_msg_decode_connect() when processing a crafted MQTTv5 CONNECT packet from a broker. A remote user can send a specially crafted packet to cause a denial of service.
The issue affects the NanoMQ MQTTv5 client receive path, including nanomq_cli and bridge mode. User interaction is required because the client must connect to a malicious broker.
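In MQTT, CONNECT is a client-to-server packet, so a client receive path can reject it from the fixed header alone, before any per-type decoder runs. The following is an added example of that check, not NanoMQ's code and not the project's fix; the names `rx_verdict`, `client_may_receive` and `client_rx_check` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum rx_verdict { RX_OK, RX_TRUNCATED, RX_BAD_LENGTH, RX_WRONG_DIRECTION };

/* Types a client must never receive: reserved 0 and the client-to-server
 * only CONNECT(1), SUBSCRIBE(8), UNSUBSCRIBE(10), PINGREQ(12). */
static int client_may_receive(uint8_t type)
{
    return !(type == 0 || type == 1 || type == 8 || type == 10 || type == 12);
}

/* Validate the fixed header of one inbound packet on the client side.
 * On RX_OK, *body_len holds the Remaining Length, fully inside buf. */
enum rx_verdict client_rx_check(const uint8_t *buf, size_t len, size_t *body_len)
{
    size_t value = 0, i = 1;

    if (buf == NULL || body_len == NULL || len < 2)
        return RX_TRUNCATED;
    if (!client_may_receive(buf[0] >> 4))
        return RX_WRONG_DIRECTION;   /* e.g. CONNECT sent by a broker */

    /* Remaining Length is a variable byte integer of at most 4 bytes. */
    for (unsigned shift = 0; ; shift += 7, i++) {
        if (shift > 21)
            return RX_BAD_LENGTH;
        if (i >= len)
            return RX_TRUNCATED;
        value |= (size_t)(buf[i] & 0x7F) << shift;
        if (!(buf[i] & 0x80))
            break;
    }
    i++;                             /* index of the first body byte */
    if (value > len - i)
        return RX_TRUNCATED;         /* body shorter than the header claims */
    *body_len = value;
    return RX_OK;
}

int main(void)
{
    const uint8_t from_broker[] = {0x10, 0x00};  /* constructed sample */
    size_t n = 0;
    printf("verdict=%d\n", client_rx_check(from_broker, sizeof from_broker, &n));
    return 0;
}
```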