2 matches found
CVE-2026-58211
CVE-2026-58211 affects NATS Server. A vulnerable path allows a client to be registered as the configured no_auth_user via a parser path when the first client operation is not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required. This could enabl...
GO-2023-2133 Authorization bypass in github.com/nats-io/nats-server/v2
Without any authorization rules in the nats-server, users can connect without authentication. Before nats-server 2.2.0, all authentication and authorization rules for a nats-server lived in an "authorization" block, defining users. With nats-server 2.2.0 all users live inside accounts. When using...