Lucene search
K

19 matches found

OSV
OSV
added 2026/03/27 5:45 p.m.3 views

BIT-NATS-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS5.8AI score0.00143EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 5:45 p.m.4 views

BIT-NATS-2026-33219 NATS is vulnerable to pre-auth DoS through WebSockets client service

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

7.5CVSS5.9AI score0.00532EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which c...

7.5CVSS6.4AI score0.00532EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect...

7.5CVSS6.4AI score0.00616EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run wi...

7.5CVSS6.4AI score0.00414EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client...

4.2CVSS6.4AI score0.00143EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message...

8.1CVSS6.4AI score0.00259EPSS
Exploits0References3
NVD
NVD
added 2026/03/25 9:16 p.m.9 views

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS0.00143EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 9:16 p.m.8 views

CVE-2026-33223

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...

6.4CVSS0.00211EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:21 p.m.4 views

CVE-2026-33249

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...

4.3CVSS5.9AI score0.00228EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/25 8:20 p.m.25 views

CVE-2026-33223 NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...

6.4CVSS0.00211EPSS
Exploits0References2
OSV
OSV
added 2026/03/25 8:20 p.m.6 views

CVE-2026-33223 NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...

6.4CVSS6.3AI score0.00211EPSS
Exploits0References4
OSV
OSV
added 2026/03/25 8:16 p.m.2 views

DEBIAN-CVE-2026-33218

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain ...

7.5CVSS6AI score0.00616EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 8:16 p.m.4 views

CVE-2026-33216

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

8.6CVSS0.00365EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/03/25 7:53 p.m.4 views

CVE-2026-33218

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain ...

7.5CVSS6AI score0.00616EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/03/25 7:50 p.m.3 views

CVE-2026-33246

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS5.8AI score0.00143EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/25 7:43 p.m.5 views

CVE-2026-33217

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the $MQTT. namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...

8.1CVSS6.1AI score0.00259EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/24 8:55 p.m.22 views

CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS0.0024EPSS
Exploits0References2
OSV
OSV
added 2024/03/19 2:15 p.m.4 views

CVE-2024-29135

Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic.This issue affects Tourfic: from n/a through 2.11.15...

8.8CVSS5.8AI score0.00669EPSS
Exploits0References1
Rows per page
Query Builder