PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-36590 EMQ CVE debrief

A denial of service vulnerability was discovered in EMQ NanoMQ v0.24.9. The issue is caused by a problem in the nni_qos_db_set function in broker_tcp.c component, which can be exploited by a remote attacker to cause a denial of service. This vulnerability has a CVSS score of 7.5, indicating a high severity. The vulnerability affects EMQ NanoMQ v0.24.9 and potentially other versions. The source confidence is limited, and defenders should verify the details with the official CVE record and NVD entry.

Vendor
EMQ
Product
NanoMQ
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-15
Original CVE updated
2026-07-16
Advisory published
2026-07-15
Advisory updated
2026-07-16

Who should care

Users of EMQ NanoMQ v0.24.9 and potentially other versions should be aware of this vulnerability and take steps to defend against it. This includes verifying affected installations, applying vendor patches or updates if available, implementing compensating controls to detect and prevent exploitation, and monitoring for suspicious activity.

Technical summary

The vulnerability is caused by a problem in the nni_qos_db_set function in broker_tcp.c component of EMQ NanoMQ v0.24.9. This function can be exploited by a remote attacker to cause a denial of service. The CVSS score for this vulnerability is 7.5, indicating a high severity. The vulnerability affects EMQ NanoMQ v0.24.9 and potentially other versions. The source confidence is limited, and defenders should verify the details with the official CVE record and NVD entry.

Defensive priority

High

Recommended defensive actions

  • Inventory and verify affected EMQ NanoMQ installations
  • Apply vendor patches or updates if available
  • Implement compensating controls to detect and prevent exploitation
  • Monitor for suspicious activity
  • Consider upgrading to a newer version of EMQ NanoMQ
  • Review and verify the official CVE record and NVD entry for the most accurate and up-to-date information
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-15T22:16:46.947Z and last modified on 2026-07-16T19:58:33.077Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus and may not reflect the full scope of the vulnerability. Users should verify the details with the official CVE record and NVD entry for the most accurate and up-to-date information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T22:16:46.947Z and has not been modified since then. The NVD entry is currently Analyzed.