3 matches found
BIT-NATS-2026-33246 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...
CVE-2026-33222
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them...
GHSA-8M2X-3M6Q-6W8J NATS: Message tracing can be redirected to arbitrary subject
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server supports telemetry on messages, using the per-message NATS headers. Problem Description A valid client which uses message...