7 matches found
CVE-2026-33246 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...
CVE-2026-33246
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...
Nats-Server 信任管理问题漏洞
Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. Versions of Nats-Server prior to 2.11.15 and 2.12.6 contained a trust management vulnerability. This vulnerability stemmed from incorrect enforcement of certain RDN...
Nats-Server 安全漏洞
Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were security vulnerabilities in versions of Nats-Server before 2.11.15 and 2.12.6. These vulnerabilities stemmed from the incorrect classification of MQTT...
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. One authentication model supported is mTLS, deriving the NATS client identity from properties of the TLS Client Certificate. Problem...
NATS allows MQTT clients to bypass ACL checks
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an MQTT client interface. Problem Description When using ACLs on message subjects, these ACLs were not applied in t...
PT-2026-27613
Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.15 NATS-Server versions prior to 2.12.6 Description NATS-Server, a high-performance server for NATS.io, a cloud and edge native messaging system, contains an issue where MQTT passwords are incorrectly...