CVE-2026-58253
NATS Server (affected: prior to 2.14.0, 2.12.7, and 2.11.16) contains a parser fast path vulnerability where no_auth_user handling could apply to route/leafnode listeners, enabling an unauthenticated peer to bypass inter‑server CONNECT authentication and operate with the privileges of that connec...