Lucene search
+L

559 matches found

redhatcve
redhatcve
added 3 days ago6 views

CVE-2026-58253

A flaw was found in NATS Server. When the noauthuser configuration is enabled, a parser optimization intended for client connections can inadvertently apply to route or leafnode listeners. This allows an unauthenticated attacker on an adjacent network to bypass inter-server authentication...

8.8CVSS6AI score0.00368EPSS
Exploits0References10
redhatcve
redhatcve
added 3 days ago7 views

CVE-2026-58250

A flaw was found in NATS Server, a high-performance messaging system. An unauthenticated attacker with network access to a leafnode listener, where compression is enabled, could exploit this vulnerability. By sending repeated leafnode INFO protocol messages during the pre-authentication handshake...

7.5CVSS6AI score0.00732EPSS
Exploits0References8
mscve
mscve
added 5 days ago3 views

NATS Server: Route API Auth Bypass

...

8.8CVSS6.1AI score0.00368EPSS
Exploits0
mscve
mscve
added 5 days ago3 views

NATS Server: MQTT retained and QoS replay bypass subscribe deny filters

...

4.3CVSS6.1AI score0.00342EPSS
Exploits0
mscve
mscve
added 5 days ago2 views

NATS Server: Subscribe Authz Bypass via Wildcard-Overlap

...

6.5CVSS6.1AI score0.00465EPSS
Exploits0
mscve
mscve
added 5 days ago2 views

NATS Server: Pre-auth server crash via double INFO in leafnode handshake

...

7.5CVSS6.1AI score0.00732EPSS
Exploits0
redhatcve
redhatcve
added 6 days ago8 views

CVE-2026-58207

A flaw was found in NATS Server. A client with the ability to send account-scoped connection monitoring requests could crash the server. This is achieved by providing pagination offset and limit values that cause an arithmetic overflow, leading to a Denial of Service DoS. Mitigation Upstream...

7.7CVSS6AI score0.0056EPSS
Exploits0References8
snyk
snyk
added 2026/07/08 10:39 p.m.4 views

Improper Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...

7.1CVSS6.1AI score0.00463EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:39 p.m.3 views

NULL Pointer Dereference

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the serve...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.5 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.5 views

Improper Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...

7.1CVSS6.1AI score0.00465EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.4 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.5 views

Improper Authentication

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies a...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.5 views

Improper Authentication

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authentication in the parser fast path for inter-server connections, which applies ...

8.8CVSS6.1AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.5 views

Injection

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Injection in the MQTT SUBSCRIBE handling, which forwards protocol control characters from...

7.1CVSS6.2AI score0.00441EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.4 views

Integer Overflow or Wraparound

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Connz connection monitoring pagination handler, which...

7.7CVSS6.2AI score0.0056EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.5 views

Integer Overflow or Wraparound

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Connz connection monitoring pagination handler, which...

7.7CVSS6.2AI score0.0056EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 10:38 p.m.5 views

Uncaught Exception

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...

8.2CVSS6.1AI score0.00593EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 9:16 p.m.8 views

CVE-2026-58211

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS0.00292EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 9:16 p.m.7 views

CVE-2026-58208

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

7.5CVSS0.00593EPSS
Exploits0References5
Rows per page
Query Builder