737 matches found
CVE-2026-58208
NATS Server vulnerability CVE-2026-58208: A WebSocket listener could route MQTT-over-WebSocket requests into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with WebSocket access to reach uninitialized MQTT state and crash the server process. This affects pre-2...
CVE-2026-58211
CVE-2026-58211 affects NATS Server. A vulnerable path allows a client to be registered as the configured no_auth_user via a parser path when the first client operation is not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required. This could enabl...
CVE-2026-58207
CVE-2026-58207 affects NATS Server. A client sending account-scoped Connz pagination requests could cause an integer overflow in the pagination logic, crashing the server before the response window is bounded. Affected versions are before 2.14.3 and before 2.12.12; fixed releases are 2.14.3 and 2...
CVE-2026-58210
CVE-2026-58210 affects NATS Server prior to versions 2.14.3 and 2.12.12. An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completes, exhausting memory due to the parser waiting for the advertised MQTT packet length. The is...
CVE-2026-58209
NATS Server before versions 2.14.3 and 2.12.12 could deliver MQTT retained messages and QoS1+ durable replays to subscribers whose topics matched a deny rule, because delivery paths did not consistently re-check the original topic before sending MQTT PUBLISH. This issue is fixed in 2.14.3 and 2.1...
CVE-2026-58214
CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...
CVE-2026-58213
NATS Server (nats-server) before versions 2.14.1 and 2.12.9 is vulnerable: an MQTT client can include protocol control characters in subscription filters, which are later forwarded as NATS protocol data to route or leafnode connections. This corrupts the forwarded protocol stream and allows injec...
CVE-2026-58253
NATS Server (affected: prior to 2.14.0, 2.12.7, and 2.11.16) contains a parser fast path vulnerability where no_auth_user handling could apply to route/leafnode listeners, enabling an unauthenticated peer to bypass inter‑server CONNECT authentication and operate with the privileges of that connec...
CVE-2026-58251
CVE-2026-58251 affects NATS Server prior to version 2.14.0, 2.12.7, and 2.11.16. An authenticated user with subscription deny permissions could bypass a plain Subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when ...
CVE-2026-46457
Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...
CVE-2026-46457
Summary: CVE-2026-46457 affects the Apache Camel NATS component. The issue arises when inbound NATS message headers are mapped into the Camel Exchange without a configured headerFilterStrategy, causing every NATS header (including Camel control headers) to be copied unmodified into the Camel mess...
CVE-2026-46457 Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers
Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...
CVE-2026-46457
Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...
EUVD-2026-41831
Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...
Linux Distros Unpatched Vulnerability : CVE-2026-58214
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58214 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2026-58253
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58253 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2026-58208
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58208 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2026-58207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58207 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2026-58212
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - golang-github-nats-io-nkeys - None nats-server - None Ubuntu Linux - Unknown description CVE-2026-58212 Note that Nessus relies on the presence o...
Linux Distros Unpatched Vulnerability : CVE-2026-58251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58251 Note that Nessus relies on the presence of the package as reported by the...