MEDIUM
nanomq
CVE published 2026-05-19
CVE-2026-32134
CVE-2026-32134 is a remotely reachable denial-of-service issue in NanoMQ's MQTT broker. During high-concurrency reconnect traffic, a reconnect race can leave cached session metadata NULL while session resumption is restoring state for clean_start=0 clients. That can trigger a NULL pointer dereference in the transport peer callback and crash the broker process. The issue is fixed in NanoMQ 0.24.11.