Lucene search
K

543 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-58253

A flaw was found in NATS Server. When the noauthuser configuration is enabled, a parser optimization intended for client connections can inadvertently apply to route or leafnode listeners. This allows an unauthenticated attacker on an adjacent network to bypass inter-server authentication...

8.8CVSS6AI score0.00388EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-58250

A flaw was found in NATS Server, a high-performance messaging system. An unauthenticated attacker with network access to a leafnode listener, where compression is enabled, could exploit this vulnerability. By sending repeated leafnode INFO protocol messages during the pre-authentication handshake...

7.5CVSS6AI score0.00732EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-58207

A flaw was found in NATS Server. A client with the ability to send account-scoped connection monitoring requests could crash the server. This is achieved by providing pagination offset and limit values that cause an arithmetic overflow, leading to a Denial of Service DoS. Mitigation Upstream...

7.7CVSS6AI score0.0056EPSS
Exploits0References8
Snyk
Snyk
added 6 days ago3 views

Improper Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...

7.1CVSS6.1AI score0.00488EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

NULL Pointer Dereference

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the serve...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...

7.1CVSS6.1AI score0.00465EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Authentication

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies a...

8.8CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Authentication

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies ...

8.8CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Uncaught Exception

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...

8.2CVSS6.1AI score0.00593EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-58211

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2026-58207

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS0.0056EPSS
Exploits0References5
NVD
NVD
added 6 days ago7 views

CVE-2026-58208

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

7.5CVSS0.00593EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-58208 NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

6.8CVSS0.00593EPSS
Exploits0References5
CVE
CVE
added 6 days ago8 views

CVE-2026-58208

CVE-2026-58208 affects NATS Server. A WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with WebSocket access to reach an uninitialized MQTT state and crash the server process. This iss...

7.5CVSS6AI score0.00593EPSS
Exploits0References5Affected Software1
NVD
NVD
added 6 days ago6 views

CVE-2026-58253

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS0.00388EPSS
Exploits0References7
NVD
NVD
added 6 days ago5 views

CVE-2026-58252

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS0.00465EPSS
Exploits0References7
NVD
NVD
added 6 days ago5 views

CVE-2026-58251

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS0.00488EPSS
Exploits0References7
NVD
NVD
added 6 days ago6 views

CVE-2026-58210

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS0.00732EPSS
Exploits0References5
Rows per page
Query Builder