2 matches found
CVE-2026-33223
CVE-2026-33223 affects NATS-Server. Prior to versions 2.11.15 and 2.12.6, the Nats-Request-Info header, intended to guarantee identity, could still be stripped incompletely from inbound messages, allowing an attacker with valid credentials to spoof identity to services relying on that header. The...
CVE-2026-33223 NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...