CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/25 7:53 p.m.•1 views

CVE-2026-33218 NATS has pre-auth server panic via leafnode handling

AlpineLinux•added 2026/03/25 7:53 p.m.•0 views

CVE-2026-33218

Debian CVE•added 2026/03/25 7:53 p.m.•2 views

Exploits0

CVE-2026-33218

7.5CVSS6AI score0.00066EPSS

Exploits0

OSV•added 2026/03/25 7:53 p.m.•1 views

CVE-2026-33218 NATS has pre-auth server panic via leafnode handling

7.5CVSS5.9AI score0.00066EPSS

Exploits0References4

ATTACKERKB•added 2026/03/25 7:53 p.m.•3 views

CVE-2026-33218

Exploits0References3Affected Software1

Cvelist•added 2026/03/25 7:53 p.m.•23 views

CVE-2026-33218 NATS has pre-auth server panic via leafnode handling

7.5CVSS0.00066EPSS

CVE•added 2026/03/25 7:53 p.m.•7 views

CVE-2026-33218

The CVE-2026-33218 entry relates to NATS Server (nats-server) and a pre-auth crash triggered by a malformed leafnode message. Affected versions are any before v2.12.6 or v2.11.15. The root cause is a malformed message on leafnode handling that can crash the server before authentication. Mitigatio...

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/25 7:50 p.m.•0 views

CVE-2026-33246 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS5.9AI score0.00034EPSS

Cvelist•added 2026/03/25 7:50 p.m.•20 views

CVE-2026-33246 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

6.4CVSS0.00034EPSS

OSV•added 2026/03/25 7:50 p.m.•1 views

CVE-2026-33246 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

6.4CVSS5.9AI score0.00034EPSS

Exploits0References4

CVE•added 2026/03/25 7:50 p.m.•5 views

CVE-2026-33246

CVE-2026-33246 affects the NATS-Server (NATS.io). The issue is that the Nats-Request-Info: header used for identity could be spoofed when a leafnode connects to a nats-server, potentially enabling identity claims to be misrepresented. The root cause is header spoofing in leafnode connections; the...

6.4CVSS5.8AI score0.00034EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/03/25 7:38 p.m.•22 views

CVE-2026-29785 NATS Server panic via malicious compression on leafnode port

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...

7.5CVSS0.0014EPSS

CVE•added 2026/03/25 7:38 p.m.•4 views

CVE-2026-29785

CVE-2026-29785 affects the NATS-Server (NATS.io) prior to versions 2.11.14 and 2.12.5. When leafnode is enabled (not default) and compression is enabled (default with leafnodes), an unauthenticated attacker who can connect can crash the server by triggering a panic. The condition is pre-authentic...

7.5CVSS5.8AI score0.0014EPSS

Exploits0References3Affected Software1

AlpineLinux•added 2026/03/25 7:38 p.m.•1 views

CVE-2026-29785

7.5CVSS5.8AI score0.0014EPSS

ATTACKERKB•added 2026/03/25 7:38 p.m.•7 views

CVE-2026-29785

7.5CVSS5.8AI score0.0014EPSS

Exploits0References4Affected Software1

Debian CVE•added 2026/03/25 7:38 p.m.•3 views

CVE-2026-29785

7.5CVSS6AI score0.0014EPSS

Exploits0

OSV•added 2026/03/25 7:38 p.m.•0 views

CVE-2026-29785 NATS Server panic via malicious compression on leafnode port

7.5CVSS6.3AI score0.0014EPSS

Exploits0References5

Vulnrichment•added 2026/03/25 7:38 p.m.•1 views

CVE-2026-29785 NATS Server panic via malicious compression on leafnode port

7.5CVSS5.9AI score0.0014EPSS