Lucene search
+L

556 matches found

nvd
nvd
added 2026/07/08 8:16 p.m.11 views

CVE-2026-58253

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS0.00368EPSS
Exploits0References7
nvd
nvd
added 2026/07/08 8:16 p.m.6 views

CVE-2026-58252

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS0.00465EPSS
Exploits0References7
nvd
nvd
added 2026/07/08 8:16 p.m.5 views

CVE-2026-58251

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS0.00463EPSS
Exploits0References7
nvd
nvd
added 2026/07/08 8:16 p.m.6 views

CVE-2026-58210

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS0.00732EPSS
Exploits0References5
nvd
nvd
added 2026/07/08 8:16 p.m.5 views

CVE-2026-58209

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS0.00342EPSS
Exploits0References5
cve
cve
added 2026/07/08 8:16 p.m.11 views

CVE-2026-58211

CVE-2026-58211 affects NATS Server. A vulnerable path allows a client to be registered as the configured no_auth_user via a parser path when the first client operation is not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required. This could enabl...

5.4CVSS6AI score0.00292EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/07/08 8:16 p.m.33 views

CVE-2026-58211 NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS0.00292EPSS
Exploits0References1
cve
cve
added 2026/07/08 8:15 p.m.7 views

CVE-2026-58207

CVE-2026-58207 affects NATS Server. A client sending account-scoped Connz pagination requests could cause an integer overflow in the pagination logic, crashing the server before the response window is bounded. Affected versions are before 2.14.3 and before 2.12.12; fixed releases are 2.14.3 and 2...

7.7CVSS6AI score0.0056EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/07/08 8:15 p.m.33 views

CVE-2026-58207 NATS Server: Remote crash via integer overflow in Connz pagination

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS0.0056EPSS
Exploits0References5
osv
osv
added 2026/07/08 8:15 p.m.4 views

CVE-2026-58207 NATS Server: Remote crash via integer overflow in Connz pagination

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS6.1AI score0.0056EPSS
Exploits0References7
osv
osv
added 2026/07/08 8:13 p.m.5 views

CVE-2026-58210 NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS6.1AI score0.00732EPSS
Exploits0References7
cve
cve
added 2026/07/08 8:13 p.m.11 views

CVE-2026-58210

CVE-2026-58210 affects NATS Server prior to versions 2.14.3 and 2.12.12. An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completes, exhausting memory due to the parser waiting for the advertised MQTT packet length. The is...

7.5CVSS6AI score0.00732EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/07/08 8:13 p.m.36 views

CVE-2026-58210 NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS0.00732EPSS
Exploits0References5
osv
osv
added 2026/07/08 8:12 p.m.3 views

CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS6.1AI score0.00342EPSS
Exploits0References7
cve
cve
added 2026/07/08 8:12 p.m.13 views

CVE-2026-58209

NATS Server before versions 2.14.3 and 2.12.12 could deliver MQTT retained messages and QoS1+ durable replays to subscribers whose topics matched a deny rule, because delivery paths did not consistently re-check the original topic before sending MQTT PUBLISH. This issue is fixed in 2.14.3 and 2.1...

4.3CVSS6AI score0.00342EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/07/08 8:12 p.m.35 views

CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS0.00342EPSS
Exploits0References5
cve
cve
added 2026/07/08 8:6 p.m.14 views

CVE-2026-58214

CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...

4.3CVSS5.9AI score0.00349EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/07/08 8:6 p.m.47 views

CVE-2026-58214 NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS0.00349EPSS
Exploits0References5
osv
osv
added 2026/07/08 8:6 p.m.5 views

CVE-2026-58214 NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS6.1AI score0.00349EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/08 7:56 p.m.38 views

CVE-2026-58254 NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

5.3CVSS0.00308EPSS
Exploits0References4
Rows per page
Query Builder