Lucene search
K

737 matches found

CVE
CVE
added yesterday5 views

CVE-2026-58208

NATS Server vulnerability CVE-2026-58208: A WebSocket listener could route MQTT-over-WebSocket requests into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with WebSocket access to reach uninitialized MQTT state and crash the server process. This affects pre-2...

6.8CVSS6AI score
Exploits0References5
CVE
CVE
added yesterday7 views

CVE-2026-58211

CVE-2026-58211 affects NATS Server. A vulnerable path allows a client to be registered as the configured no_auth_user via a parser path when the first client operation is not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required. This could enabl...

5.4CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-58207

CVE-2026-58207 affects NATS Server. A client sending account-scoped Connz pagination requests could cause an integer overflow in the pagination logic, crashing the server before the response window is bounded. Affected versions are before 2.14.3 and before 2.12.12; fixed releases are 2.14.3 and 2...

7.7CVSS6AI score
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-58210

CVE-2026-58210 affects NATS Server prior to versions 2.14.3 and 2.12.12. An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completes, exhausting memory due to the parser waiting for the advertised MQTT packet length. The is...

7.5CVSS6AI score
Exploits0References5
CVE
CVE
added yesterday8 views

CVE-2026-58209

NATS Server before versions 2.14.3 and 2.12.12 could deliver MQTT retained messages and QoS1+ durable replays to subscribers whose topics matched a deny rule, because delivery paths did not consistently re-check the original topic before sending MQTT PUBLISH. This issue is fixed in 2.14.3 and 2.1...

4.3CVSS6AI score
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-58214

CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...

4.3CVSS5.9AI score
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-58213

NATS Server (nats-server) before versions 2.14.1 and 2.12.9 is vulnerable: an MQTT client can include protocol control characters in subscription filters, which are later forwarded as NATS protocol data to route or leafnode connections. This corrupts the forwarded protocol stream and allows injec...

7.1CVSS6AI score
Exploits0References8
CVE
CVE
added yesterday5 views

CVE-2026-58253

NATS Server (affected: prior to 2.14.0, 2.12.7, and 2.11.16) contains a parser fast path vulnerability where no_auth_user handling could apply to route/leafnode listeners, enabling an unauthenticated peer to bypass inter‑server CONNECT authentication and operate with the privileges of that connec...

8.8CVSS6AI score
Exploits0References7
CVE
CVE
added yesterday5 views

CVE-2026-58251

CVE-2026-58251 affects NATS Server prior to version 2.14.0, 2.12.7, and 2.11.16. An authenticated user with subscription deny permissions could bypass a plain Subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when ...

6.5CVSS6AI score
Exploits0References7
NVD
NVD
added 3 days ago9 views

CVE-2026-46457

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

7.5CVSS0.00423EPSS
Exploits0References2
CVE
CVE
added 3 days ago11 views

CVE-2026-46457

Summary: CVE-2026-46457 affects the Apache Camel NATS component. The issue arises when inbound NATS message headers are mapped into the Camel Exchange without a configured headerFilterStrategy, causing every NATS header (including Camel control headers) to be copied unmodified into the Camel mess...

7.5CVSS6.1AI score0.00423EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-46457 Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

0.00423EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-46457

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

6.1AI score0.00423EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41831

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

7.5CVSS6.1AI score0.00423EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-58214

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58214 Note that Nessus relies on the presence of the package as reported by the...

4.3CVSS6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-58253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58253 Note that Nessus relies on the presence of the package as reported by the...

8.8CVSS6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-58208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58208 Note that Nessus relies on the presence of the package as reported by the...

6.8CVSS6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-58207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58207 Note that Nessus relies on the presence of the package as reported by the...

7.7CVSS6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58212

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - golang-github-nats-io-nkeys - None nats-server - None Ubuntu Linux - Unknown description CVE-2026-58212 Note that Nessus relies on the presence o...

6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nats-server - None Ubuntu Linux - Unknown description CVE-2026-58251 Note that Nessus relies on the presence of the package as reported by the...

6.5CVSS6AI score
Exploits0References3
Rows per page
Query Builder