
9 matches found

OSV
added 2026/03/27 5:45 p.m. · 1 view

BIT-NATS-2026-29785 NATS Server panic via malicious compression on leafnode port

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled (not default), then anyone who can connect can crash the nats-server by triggering a panic. This happens...

CVSS 7.5 · AI score 5.9 · EPSS 0.0014
Exploits 0 · References 4
AlpineLinux
added 2026/03/25 7:36 p.m. · 2 views

CVE-2026-27889

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

CVSS 7.5 · AI score 5.8 · EPSS 0.00094
Exploits 0 · References 2
CNNVD
added 2026/03/25 12:00 a.m. · 5 views

Nats-Server Input Validation Error Vulnerability

Nats-Server is a high-performance server developed by Nats Open Source, used for native message delivery systems on Nats.io, cloud, and edge environments. Versions of Nats-Server prior to 2.11.14 and 2.12.5 contained a vulnerability related to input validation errors. This vulnerability stemmed...

CVSS 7.5 · AI score 6.4 · EPSS 0.00094
Exploits 0 · References 3
OSV
added 2026/03/24 9:16 p.m. · 2 views

DEBIAN-CVE-2026-33215

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

CVSS 6.5 · AI score 6 · EPSS 0.00017
Exploits 0 · References 1
CVE
added 2026/03/24 8:55 p.m. · 9 views

CVE-2026-33215

CVE-2026-33215 affects NATS-Server (NATS.io) where the MQTT client interface allows hijacking of Sessions and Messages due to MQTT Client ID malfeasance. Affected versions are prior to 2.11.15 and 2.12.5; these versions patch the issue. The description does not provide exploit details or how atta...

CVSS 6.5 · AI score 5.8 · EPSS 0.00017
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2026/03/24 8:55 p.m. · 0 views

CVE-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

CVSS 6.5 · AI score 5.8 · EPSS 0.00017
Exploits 0 · References 2
CNNVD
added 2026/03/24 12:00 a.m. · 4 views

Nats-Server Security Vulnerability

Nats-Server is a high-performance server developed by Nats Open Source, used for native message delivery systems on Nats.io, cloud, and edge environments. There were security vulnerabilities in versions of Nats-Server prior to 2.11.15 and 2.12.5. These vulnerabilities stemmed from improper handli...

CVSS 6.5 · AI score 6.4 · EPSS 0.00017
Exploits 0 · References 2
CNNVD
added 2026/02/25 12:00 a.m. · 4 views

KrakenD Security Vulnerability

KrakenD is an open-source, scalable high-performance API gateway developed by KrakenD. It helps you easily adopt microservices and secure communication. There were security vulnerabilities in versions of KrakenD prior to 2.13.1 and KrakenD-EE prior to 2.12.5. These vulnerabilities stemmed from...

CVSS 5.3 · AI score 5.8 · EPSS 0.00063
Exploits 0 · References 3
Positive Technologies
added 2025/04/01 12:00 a.m. · 2 views

PT-2025-14055 · Unknown · Xili-Dictionary

Name of the Vulnerable Software and Affected Versions: xili-dictionary versions 2.12.5 and earlier
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in the xili-dictionary...

CVSS 7.1 · AI score 9.3 · EPSS 0.00161
Exploits 0 · References 3