Lucene search
K

130 matches found

RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-58253

A flaw was found in NATS Server. When the noauthuser configuration is enabled, a parser optimization intended for client connections can inadvertently apply to route or leafnode listeners. This allows an unauthenticated attacker on an adjacent network to bypass inter-server authentication...

8.8CVSS6AI score0.00368EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-58250

A flaw was found in NATS Server, a high-performance messaging system. An unauthenticated attacker with network access to a leafnode listener, where compression is enabled, could exploit this vulnerability. By sending repeated leafnode INFO protocol messages during the pre-authentication handshake...

7.5CVSS6AI score0.00732EPSS
Exploits0References8
Snyk
Snyk
added last week6 views

NULL Pointer Dereference

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the server t...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
Snyk
Snyk
added last week3 views

NULL Pointer Dereference

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the serve...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References2
Snyk
Snyk
added last week4 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Improper Authentication

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies a...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Improper Authentication

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies ...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-58254

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

6.5CVSS0.00308EPSS
Exploits0References4
NVD
NVD
added last week6 views

CVE-2026-58253

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS0.00368EPSS
Exploits0References7
NVD
NVD
added last week6 views

CVE-2026-58250

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...

7.5CVSS0.00732EPSS
Exploits0References5
Cvelist
Cvelist
added last week38 views

CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...

7.5CVSS0.00732EPSS
Exploits0References5
CVE
CVE
added last week9 views

CVE-2026-58250

CVE-2026-58250 affects NATS Server: an unauthenticated peer with access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO messages. The issue is fixed in versions 2.12.8 and 2.11.17 . Exploitat...

7.5CVSS5.9AI score0.00732EPSS
Exploits0References5Affected Software1
OSV
OSV
added last week3 views

CVE-2026-58250 NATS Server: Pre-auth server crash via double INFO in leafnode handshake

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by...

7.5CVSS6.1AI score0.00732EPSS
Exploits0References7
OSV
OSV
added last week4 views

CVE-2026-58253 NATS Server: Route API Auth Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when noauthuser was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56565

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.0 NATS Server versions prior to 2.12.7 NATS Server versions prior to 2.11.16 Description When no auth user is configured, a parser fast path designed for standard client connections may incorrectly apply to...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56566

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.8 Description Message trace destination checks are not consistently applied to messages arriving through leafnode connections. This allows a leafnode operator to send trac...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2026/04/02 8:6 a.m.7 views

NATS Server panic via malicious compression on leafnode port

...

7.5CVSS6.3AI score0.00658EPSS
Exploits0
OSV
OSV
added 2026/03/27 5:45 p.m.4 views

BIT-NATS-2026-33246 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS5.9AI score0.00143EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 5:45 p.m.51 views

BIT-NATS-2026-33218 NATS has pre-auth server panic via leafnode handling

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain ...

7.5CVSS5.9AI score0.00616EPSS
Exploits0References9
Rows per page
Query Builder