A flaw was found in the NATS Server and NATS Streaming Server. Affected versions of this package could allow a remote attacker to bypass security restrictions due to a failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.
Recraft user permission rules to only add access, never deny it.