Lucene search
K

4 matches found

OSV
OSV
added 2026/03/25 9:16 p.m.2 views

DEBIAN-CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS6.1AI score0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 8:18 p.m.23 views

CVE-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS0.00143EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/24 9:51 p.m.8 views

NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. One authentication model supported is mTLS, deriving the NATS client identity from properties of the TLS Client Certificate. Problem...

4.2CVSS5.8AI score0.00143EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.4 views

PT-2026-27621

Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.15 NATS-Server versions prior to 2.12.6 Description NATS-Server, a high-performance server for NATS.io, a cloud and edge native messaging system, has an issue where, when using mTLS for client identity with...

9.8CVSS5.8AI score0.00658EPSS
Exploits14References157
Rows per page
Query Builder