Lucene search
K

5 matches found

NVD
NVD
added 6 days ago5 views

CVE-2026-58252

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS0.00465EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS0.00465EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56564

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.0 NATS Server versions prior to 2.12.7 NATS Server versions prior to 2.11.16 Description An authenticated user can receive messages on denied subjects. This occurs when a wildcard subscription overlaps with a...

6.5CVSS6.1AI score0.00465EPSS
Exploits0References12
Veracode
Veracode
added 2024/07/12 6:59 a.m.18 views

Authentication Bypass

github.com/nats-io/nats-server is vulnerable to Authentication bypass. The vulnerability is due to a failure to enforce negative user permissions in one scenario. Attackers can exploit this by using a queue subscription on the wildcard to access denied subjects...

6.3CVSS6.6AI score0.00478EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2024/07/11 12:0 a.m.31 views

CVE-2022-29946

NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...

6.3CVSS5.8AI score0.00478EPSS
Exploits0
Rows per page
Query Builder