36 matches found
CVE-2023-46129
CVE-2023-46129 describes a crypto bug in the nkeys library used by NATS. In nkeys versions 0.4.0–0.4.5 (aligned with NATS server 2.10.0–2.10.3), the xkeys encryption handling logic accidentally passed an array by value to an internal function that mutated the buffer to supply the encryption key. ...
CVE-2023-47090
CVE-2023-47090 : The NATS nats-server authentication bypass affects 2.9.23 and 2.10.x before 2.10.2; an implicit "$G" user in an authorization block can allow unauthenticated access, even if accounts exist. Earliest affected version is 2.2.0. The connected IBM / OSS advisories confirm the vulnera...
CVE-2022-24450
CVE-2022-24450 affects NATS nats-server up to and including 2.7.1, with a root cause in an experimental feature for dynamically provisioned sandbox accounts that allowed any authenticated user to switch into any account, including the System account. The impact is high (privilege escalation and f...
CVE-2022-26652
Summary: CVE-2022-26652 affects NATS nats-server (up to 2.7.3) and nats-streaming-server (up to 0.24.2). The issue is a directory traversal (“Zip Slip”) via an element in a ZIP archive used in JetStream streams, allowing potentially arbitrary file write. The root cause is insufficient sanitizatio...
CVE-2021-3127
The CVE concerns NATS Server 2.x (pre-2.2.0) and the JWT library (pre-2.0.1) where Import Token bindings were mishandled, causing Incorrect Access Control. The root cause is improper validation of Import Token bindings, allowing cross-account access to imported subjects. Affected versions include...
CVE-2020-26521
CVE-2020-26521 affects NATS server’s JWT handling: the JWT library (used by nats-server) can dereference nil during decoding, causing Denial of Service. Affected: NATS Server versions before 2.1.9. Root cause: nil dereference in Go code when processing User JWTs. Remediation: upgrade the JWT depe...
CVE-2022-28357
CVE-2022-28357 affects NATS nats-server; versions 2.2.0–2.7.4 allow directory traversal via an unintended path to a management action from a management account. Connected sources (OSV, NVD, GHSA, Fedora/Nessus/OpenVAS) corroborate the issue. The impact is described as directory traversal, with hi...
CVE-2020-26892
Summary : CVE-2020-26892 affects NATS nats-server before 2.1.9 due to incorrect access control from how expired credentials are handled in the JWT library. The vulnerability stems from the JWT package’s credential expiry checks, which could allow bypassing access restrictions. Affected versions i...
CVE-2020-28466
CVE-2020-28466 affects the nats-server component at github.com/nats-io/nats-server/server. The issue arises from an export/import cycle between accounts that untrusted users can trigger, causing the server to crash (denial of service) by consuming CPU/memory. Connected advisories indicate the 2.x...
CVE-2019-13126
CVE-2019-13126 is an integer overflow in the NATS Server prior to 2.0.2 that allows a remote attacker to crash the server by sending a crafted request; if authentication is enabled, the attacker must have authenticated first. Public notices extend risk to later versions (e.g., GHSA references for...
CVE-2026-33215
CVE-2026-33215 affects NATS-Server (NATS.io) where the MQTT client interface allows hijacking of Sessions and Messages due to MQTT Client ID malfeasance. Affected versions are prior to 2.11.15 and 2.12.5; these versions patch the issue. The description does not provide exploit details or how atta...
CVE-2026-27889
CVE-2026-27889 pertains to the NATS server when WebSockets are enabled. A pre-authentication remote crash can be triggered by a crafted WebSocket frame with a 64-bit extended payload length MSB set, which causes a signed/unsigned handling issue and results in an unrecovered panic, terminating the...
CVE-2026-27571
NATS-Server WebSockets handling is vulnerable to a pre-auth memory DoS via a compression bomb. Prior to v2.11.2 and v2.12.3, memory bounds for a NATS message were not independently applied to the memory stream, allowing excessive memory consumption and potential OS termination. The issue is explo...
CVE-2026-33247
CVE-2026-33247 affects the NATS-Server (NATS.io). Prior to versions 2.11.15 and 2.12.6, running nats-server with static credentials provided via argv causes those credentials to be visible to any user who can see the monitoring port; the /debug/vars endpoint exposes an unredacted argv. A fix is a...
CVE-2026-33222
NATS-Server (JetStream) contains an authorization bypass via the JetStream management API: users with JetStream admin API access to restore one stream could restore to other stream names, risking data overwrite across streams. Affected versions are prior to 2.11.15 and 2.12.6. The fixed releases ...
CVE-2026-33223
CVE-2026-33223 affects NATS-Server. Prior to versions 2.11.15 and 2.12.6, the Nats-Request-Info header, intended to guarantee identity, could still be stripped incompletely from inbound messages, allowing an attacker with valid credentials to spoof identity to services relying on that header. The...
CVE-2026-33217
CVE-2026-33217 affects NATS-Server prior to versions 2.11.15 and 2.12.6, where ACLs on message subjects were not applied in the $MQTT.> namespace, letting MQTT clients bypass ACL checks for MQTT subjects. Root cause: ACLs not enforced in that namespace. Impact: potential unauthorized access/by...
CVE-2026-33219
CVE-2026-33219 affects NATS-Server (NATS.io) before versions 2.11.15 and 2.12.6. A malicious client connecting to the WebSockets port can trigger unbounded memory growth in nats-server prior to authentication by sending a large amount of data. This is a milder variant of CVE-2026-27571 and requir...
CVE-2026-33218
CVE-2026-33218 affects NATS-Server. Prior to versions 2.11.15 and 2.12.6, a client able to reach the leafnode port can crash the server with a specially malformed message before authentication. Versions 2.11.15 and 2.12.6 include a fix. Affected product: NATS-Server (leafnode handling). Root caus...
CVE-2026-29785
CVE-2026-29785 affects the NATS-Server (NATS.io) prior to versions 2.11.14 and 2.12.5. When leafnode is enabled (not default) and compression is enabled (default with leafnodes), an unauthenticated attacker who can connect can crash the server by triggering a panic. The condition is pre-authentic...
CVE-2026-33216
Impactful CVE-2026-33216 (NATS-Server) : In MQTT deployments using usercodes/passwords, passwords are incorrectly classified as a non-authenticating identity statement (JWT) and exposed through monitoring endpoints. Affected versions are prior to 2.11.15 and 2.12.6; fixes are in 2.11.14 and 2.12....
CVE-2026-33249
NATS-Server vulnerability CVE-2026-33249 affects versions 2.11.0 through 2.11.14 and 2.12.0 through 2.12.5. A valid client using message tracing headers can cause trace messages to be sent to an arbitrary valid subject, including subjects the client cannot publish to; the payload is a valid trace...
CVE-2026-33246
CVE-2026-33246 affects the NATS-Server (NATS.io). The issue is that the Nats-Request-Info: header used for identity could be spoofed when a leafnode connects to a nats-server, potentially enabling identity claims to be misrepresented. The root cause is header spoofing in leafnode connections; the...
CVE-2026-58213
NATS Server (nats-server) before versions 2.14.1 and 2.12.9 is vulnerable: an MQTT client can include protocol control characters in subscription filters, which are later forwarded as NATS protocol data to route or leafnode connections. This corrupts the forwarded protocol stream and allows injec...
CVE-2026-33248
NATS-Server has an authentication bypass vulnerability in mTLS verify_and_map where certain RDN patterns in the client certificate Subject DN were not correctly enforced. A valid certificate from a trusted CA could bypass identity checks on versions prior to 2.11.15 and 2.12.6. The issue is consi...
CVE-2026-58214
CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...
CVE-2026-58252
CVE-2026-58252 affects NATS Server prior to versions 2.14.0, 2.12.7, and 2.11.16. An authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it; queue subscriptions could also affect delivery...
CVE-2026-58209
NATS Server before versions 2.14.3 and 2.12.12 could deliver MQTT retained messages and QoS1+ durable replays to subscribers whose topics matched a deny rule, because delivery paths did not consistently re-check the original topic before sending MQTT PUBLISH. This issue is fixed in 2.14.3 and 2.1...
CVE-2026-58253
NATS Server (affected: prior to 2.14.0, 2.12.7, and 2.11.16) contains a parser fast path vulnerability where no_auth_user handling could apply to route/leafnode listeners, enabling an unauthenticated peer to bypass inter‑server CONNECT authentication and operate with the privileges of that connec...
CVE-2026-58254
NATS Server (affected components: leafnode message trace destination checks) could allow a leafnode operator to send trace events to subjects that should be disallowed and use trace-only behavior to interfere with delivery/storage. Root cause: checks were applied to ordinary client connections bu...
CVE-2026-58210
CVE-2026-58210 affects NATS Server prior to versions 2.14.3 and 2.12.12. An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completes, exhausting memory due to the parser waiting for the advertised MQTT packet length. The is...
CVE-2026-58211
CVE-2026-58211 affects NATS Server. A vulnerable path allows a client to be registered as the configured no_auth_user via a parser path when the first client operation is not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required. This could enabl...
CVE-2026-58208
CVE-2026-58208 affects NATS Server. A WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with WebSocket access to reach an uninitialized MQTT state and crash the server process. This iss...
CVE-2026-58250
CVE-2026-58250 affects NATS Server: an unauthenticated peer with access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO messages. The issue is fixed in versions 2.12.8 and 2.11.17 . Exploitat...
CVE-2026-58251
CVE-2026-58251 affects NATS Server prior to version 2.14.0, 2.12.7, and 2.11.16. An authenticated user with subscription deny permissions could bypass a plain Subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when ...
CVE-2026-58207
CVE-2026-58207 affects NATS Server. A client sending account-scoped Connz pagination requests could cause an integer overflow in the pagination logic, crashing the server before the response window is bounded. Affected versions are before 2.14.3 and before 2.12.12; fixed releases are 2.14.3 and 2...