217 matches found
Oxia has an OIDC token audience validation bypass via SkipClientIDCheck
Summary The OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience aud claim validation at the library level. This allows tokens issued for unrelated services by the same OIDC issuer to be accepted by Oxia...
SUSE CVE-2026-33215
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...
GO-2026-4833 NATS is vulnerable to MQTT hijacking via Client ID in github.com/nats-io/nats-server
NATS is vulnerable to MQTT hijacking via Client ID in github.com/nats-io/nats-server...
Linux Distros Unpatched Vulnerability : CVE-2026-33215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats- server provides an MQTT client interface. Prior to...
EUVD-2026-15017
NATS is vulnerable to MQTT hijacking via Client ID...
GHSA-FCJP-H8CC-6879 NATS is vulnerable to MQTT hijacking via Client ID
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an MQTT client interface. Problem Description Sessions and Messages can by hijacked via MQTT Client ID malfeasance...
NATS is vulnerable to MQTT hijacking via Client ID
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an MQTT client interface. Problem Description Sessions and Messages can by hijacked via MQTT Client ID malfeasance...
UBUNTU-CVE-2026-33215
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...
CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...
CVE-2026-33215
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...
CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...
EUVD-2026-13960
OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerability in the trusted-proxy Control UI pairing mechanism that accepts client.id=control-ui without proper device identity verification. An authenticated node role websocket client can exploit this by using the control-ui...
CVE-2026-32236
Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid...
@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch
Impact A Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid hostname against private IP ranges but does not apply the same validation...
BIT-PARSE-2026-30949 Parse Server is missing audience validation in Keycloak authentication adapter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid access token...
Backstage 代码问题漏洞
Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.27.1 contained code-related vulnerabilities. These vulnerabilities stemmed from server-side request forgeing when the experimental client ...
GHSA-48MH-J4P5-7J9V Parse Server missing audience validation in Keycloak authentication adapter
Impact The Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid access token issued by the same Keycloak realm for a different client application can be used to authenticate as any user on the Parse...
Parse Server missing audience validation in Keycloak authentication adapter
Impact The Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid access token issued by the same Keycloak realm for a different client application can be used to authenticate as any user on the Parse...
GHSA-X6FW-778M-WR9V Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters
Impact The Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is not set clientId for Google/Apple, appIds for Facebook, JWT verification silently skips audience claim validation. This allows an...
Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange
Summary The OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse. Details backend/internal/service/oidcservice.go:407 go if authorizationCodeMetaData.ClientID != input.ClientI...