PatchSiren cyber security CVE debrief
CVE-2026-36590 EMQ CVE debrief
A denial of service vulnerability was discovered in EMQ NanoMQ v0.24.9. The issue is caused by a problem in the nni_qos_db_set function in broker_tcp.c component, which can be exploited by a remote attacker to cause a denial of service. This vulnerability has a CVSS score of 7.5, indicating a high severity. The vulnerability affects EMQ NanoMQ v0.24.9 and potentially other versions. The source confidence is limited, and defenders should verify the details with the official CVE record and NVD entry.
- Vendor
- EMQ
- Product
- NanoMQ
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-15
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-15
- Advisory updated
- 2026-07-16
Who should care
Users of EMQ NanoMQ v0.24.9 and potentially other versions should be aware of this vulnerability and take steps to defend against it. This includes verifying affected installations, applying vendor patches or updates if available, implementing compensating controls to detect and prevent exploitation, and monitoring for suspicious activity.
Technical summary
The vulnerability is caused by a problem in the nni_qos_db_set function in broker_tcp.c component of EMQ NanoMQ v0.24.9. This function can be exploited by a remote attacker to cause a denial of service. The CVSS score for this vulnerability is 7.5, indicating a high severity. The vulnerability affects EMQ NanoMQ v0.24.9 and potentially other versions. The source confidence is limited, and defenders should verify the details with the official CVE record and NVD entry.
Defensive priority
High
Recommended defensive actions
- Inventory and verify affected EMQ NanoMQ installations
- Apply vendor patches or updates if available
- Implement compensating controls to detect and prevent exploitation
- Monitor for suspicious activity
- Consider upgrading to a newer version of EMQ NanoMQ
- Review and verify the official CVE record and NVD entry for the most accurate and up-to-date information
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-15T22:16:46.947Z and last modified on 2026-07-16T19:58:33.077Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus and may not reflect the full scope of the vulnerability. Users should verify the details with the official CVE record and NVD entry for the most accurate and up-to-date information.
Official resources
-
CVE-2026-36590 CVE record
CVE.org
-
CVE-2026-36590 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T22:16:46.947Z and has not been modified since then. The NVD entry is currently Analyzed.