Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/03/25 7:50 p.m.2 views

CVE-2026-33246 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS5.9AI score0.00143EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 7:50 p.m.3 views

CVE-2026-33246

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS5.8AI score0.00143EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Nats-Server 信任管理问题漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. Versions of Nats-Server prior to 2.11.15 and 2.12.6 contained a trust management vulnerability. This vulnerability stemmed from incorrect enforcement of certain RDN...

4.2CVSS6.4AI score0.00143EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.12 views

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were security vulnerabilities in versions of Nats-Server before 2.11.15 and 2.12.6. These vulnerabilities stemmed from the incorrect classification of MQTT...

8.6CVSS6.4AI score0.00365EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/24 9:51 p.m.8 views

NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. One authentication model supported is mTLS, deriving the NATS client identity from properties of the TLS Client Certificate. Problem...

4.2CVSS5.8AI score0.00143EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/24 9:44 p.m.6 views

NATS allows MQTT clients to bypass ACL checks

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an MQTT client interface. Problem Description When using ACLs on message subjects, these ACLs were not applied in t...

8.1CVSS5.8AI score0.00259EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.6 views

PT-2026-27613

Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.15 NATS-Server versions prior to 2.12.6 Description NATS-Server, a high-performance server for NATS.io, a cloud and edge native messaging system, contains an issue where MQTT passwords are incorrectly...

9.8CVSS5.8AI score0.00573EPSS
Exploits16References160
Rows per page
Query Builder