Lucene search
K
LinuxfoundationNats-server

36 matches found

CVE
CVE
added 2023/10/30 11:47 p.m.424 views

CVE-2023-46129

CVE-2023-46129 describes a crypto bug in the nkeys library used by NATS. In nkeys versions 0.4.0–0.4.5 (aligned with NATS server 2.10.0–2.10.3), the xkeys encryption handling logic accidentally passed an array by value to an internal function that mutated the buffer to supply the encryption key. ...

7.5CVSS7.5AI score0.00374EPSS
CVE
CVE
added 2023/10/30 12:0 a.m.322 views

CVE-2023-47090

CVE-2023-47090 : The NATS nats-server authentication bypass affects 2.9.23 and 2.10.x before 2.10.2; an implicit "$G" user in an authorization block can allow unauthenticated access, even if accounts exist. Earliest affected version is 2.2.0. The connected IBM / OSS advisories confirm the vulnera...

6.5CVSS6.4AI score0.00662EPSS
CVE
CVE
added 2022/02/08 1:14 a.m.197 views

CVE-2022-24450

CVE-2022-24450 affects NATS nats-server up to and including 2.7.1, with a root cause in an experimental feature for dynamically provisioned sandbox accounts that allowed any authenticated user to switch into any account, including the System account. The impact is high (privilege escalation and f...

9CVSS8.5AI score0.01305EPSS
CVE
CVE
added 2022/03/10 3:48 a.m.127 views

CVE-2022-26652

Summary: CVE-2022-26652 affects NATS nats-server (up to 2.7.3) and nats-streaming-server (up to 0.24.2). The issue is a directory traversal (“Zip Slip”) via an element in a ZIP archive used in JetStream streams, allowing potentially arbitrary file write. The root cause is insufficient sanitizatio...

6.5CVSS6.3AI score0.02305EPSS
CVE
CVE
added 2021/03/16 7:55 p.m.89 views

CVE-2021-3127

The CVE concerns NATS Server 2.x (pre-2.2.0) and the JWT library (pre-2.0.1) where Import Token bindings were mishandled, causing Incorrect Access Control. The root cause is improper validation of Import Token bindings, allowing cross-account access to imported subjects. Affected versions include...

7.5CVSS7.4AI score0.0146EPSS
CVE
CVE
added 2020/11/06 7:35 a.m.74 views

CVE-2020-26521

CVE-2020-26521 affects NATS server’s JWT handling: the JWT library (used by nats-server) can dereference nil during decoding, causing Denial of Service. Affected: NATS Server versions before 2.1.9. Root cause: nil dereference in Go code when processing User JWTs. Remediation: upgrade the JWT depe...

7.5CVSS7.2AI score0.0209EPSS
CVE
CVE
added 2023/09/19 12:0 a.m.73 views

CVE-2022-28357

CVE-2022-28357 affects NATS nats-server; versions 2.2.0–2.7.4 allow directory traversal via an unintended path to a management action from a management account. Connected sources (OSV, NVD, GHSA, Fedora/Nessus/OpenVAS) corroborate the issue. The impact is described as directory traversal, with hi...

9.8CVSS9.3AI score0.00994EPSS
CVE
CVE
added 2020/11/06 7:36 a.m.72 views

CVE-2020-26892

Summary : CVE-2020-26892 affects NATS nats-server before 2.1.9 due to incorrect access control from how expired credentials are handled in the JWT library. The vulnerability stems from the JWT package’s credential expiry checks, which could allow bypassing access restrictions. Affected versions i...

9.8CVSS9.3AI score0.02054EPSS
CVE
CVE
added 2021/03/07 9:55 a.m.69 views

CVE-2020-28466

CVE-2020-28466 affects the nats-server component at github.com/nats-io/nats-server/server. The issue arises from an export/import cycle between accounts that untrusted users can trigger, causing the server to crash (denial of service) by consuming CPU/memory. Connected advisories indicate the 2.x...

7.5CVSS7.5AI score0.03658EPSS
CVE
CVE
added 2019/07/29 4:7 p.m.57 views

CVE-2019-13126

CVE-2019-13126 is an integer overflow in the NATS Server prior to 2.0.2 that allows a remote attacker to crash the server by sending a crafted request; if authentication is enabled, the attacker must have authenticated first. Public notices extend risk to later versions (e.g., GHSA references for...

7.5CVSS7.6AI score0.01739EPSS
CVE
CVE
added 2026/03/24 8:55 p.m.43 views

CVE-2026-33215

CVE-2026-33215 affects NATS-Server (NATS.io) where the MQTT client interface allows hijacking of Sessions and Messages due to MQTT Client ID malfeasance. Affected versions are prior to 2.11.15 and 2.12.5; these versions patch the issue. The description does not provide exploit details or how atta...

6.5CVSS5.8AI score0.0024EPSS
CVE
CVE
added 2026/03/25 7:36 p.m.39 views

CVE-2026-27889

CVE-2026-27889 pertains to the NATS server when WebSockets are enabled. A pre-authentication remote crash can be triggered by a crafted WebSocket frame with a 64-bit extended payload length MSB set, which causes a signed/unsigned handling issue and results in an unrecovered panic, terminating the...

7.5CVSS5.9AI score0.00582EPSS
CVE
CVE
added 2026/02/24 3:59 p.m.36 views

CVE-2026-27571

NATS-Server WebSockets handling is vulnerable to a pre-auth memory DoS via a compression bomb. Prior to v2.11.2 and v2.12.3, memory bounds for a NATS message were not independently applied to the memory stream, allowing excessive memory consumption and potential OS termination. The issue is explo...

7.5CVSS5.7AI score0.00478EPSS
CVE
CVE
added 2026/03/25 8:2 p.m.30 views

CVE-2026-33247

CVE-2026-33247 affects the NATS-Server (NATS.io). Prior to versions 2.11.15 and 2.12.6, running nats-server with static credentials provided via argv causes those credentials to be visible to any user who can see the monitoring port; the /debug/vars endpoint exposes an unredacted argv. A fix is a...

7.5CVSS5.8AI score0.00414EPSS
CVE
CVE
added 2026/03/25 8:10 p.m.27 views

CVE-2026-33222

NATS-Server (JetStream) contains an authorization bypass via the JetStream management API: users with JetStream admin API access to restore one stream could restore to other stream names, risking data overwrite across streams. Affected versions are prior to 2.11.15 and 2.12.6. The fixed releases ...

4.9CVSS5.8AI score0.00306EPSS
CVE
CVE
added 2026/03/25 8:20 p.m.25 views

CVE-2026-33223

CVE-2026-33223 affects NATS-Server. Prior to versions 2.11.15 and 2.12.6, the Nats-Request-Info header, intended to guarantee identity, could still be stripped incompletely from inbound messages, allowing an attacker with valid credentials to spoof identity to services relying on that header. The...

6.4CVSS5.8AI score0.00211EPSS
CVE
CVE
added 2026/03/25 7:43 p.m.24 views

CVE-2026-33217

CVE-2026-33217 affects NATS-Server prior to versions 2.11.15 and 2.12.6, where ACLs on message subjects were not applied in the $MQTT.> namespace, letting MQTT clients bypass ACL checks for MQTT subjects. Root cause: ACLs not enforced in that namespace. Impact: potential unauthorized access/by...

8.1CVSS5.8AI score0.00259EPSS
CVE
CVE
added 2026/03/25 7:55 p.m.23 views

CVE-2026-33219

CVE-2026-33219 affects NATS-Server (NATS.io) before versions 2.11.15 and 2.12.6. A malicious client connecting to the WebSockets port can trigger unbounded memory growth in nats-server prior to authentication by sending a large amount of data. This is a milder variant of CVE-2026-27571 and requir...

7.5CVSS5.8AI score0.00532EPSS
CVE
CVE
added 2026/03/25 7:53 p.m.21 views

CVE-2026-33218

CVE-2026-33218 affects NATS-Server. Prior to versions 2.11.15 and 2.12.6, a client able to reach the leafnode port can crash the server with a specially malformed message before authentication. Versions 2.11.15 and 2.12.6 include a fix. Affected product: NATS-Server (leafnode handling). Root caus...

7.5CVSS5.8AI score0.00616EPSS
CVE
CVE
added 2026/03/25 7:38 p.m.18 views

CVE-2026-29785

CVE-2026-29785 affects the NATS-Server (NATS.io) prior to versions 2.11.14 and 2.12.5. When leafnode is enabled (not default) and compression is enabled (default with leafnodes), an unauthenticated attacker who can connect can crash the server by triggering a panic. The condition is pre-authentic...

7.5CVSS5.8AI score0.00658EPSS
CVE
CVE
added 2026/03/25 7:41 p.m.18 views

CVE-2026-33216

Impactful CVE-2026-33216 (NATS-Server) : In MQTT deployments using usercodes/passwords, passwords are incorrectly classified as a non-authenticating identity statement (JWT) and exposed through monitoring endpoints. Affected versions are prior to 2.11.15 and 2.12.6; fixes are in 2.11.14 and 2.12....

8.6CVSS5.8AI score0.00365EPSS
CVE
CVE
added 2026/03/25 8:21 p.m.17 views

CVE-2026-33249

NATS-Server vulnerability CVE-2026-33249 affects versions 2.11.0 through 2.11.14 and 2.12.0 through 2.12.5. A valid client using message tracing headers can cause trace messages to be sent to an arbitrary valid subject, including subjects the client cannot publish to; the payload is a valid trace...

4.3CVSS5.9AI score0.00228EPSS
CVE
CVE
added 2026/03/25 7:50 p.m.15 views

CVE-2026-33246

CVE-2026-33246 affects the NATS-Server (NATS.io). The issue is that the Nats-Request-Info: header used for identity could be spoofed when a leafnode connects to a nats-server, potentially enabling identity claims to be misrepresented. The root cause is header spoofing in leafnode connections; the...

6.4CVSS5.8AI score0.00143EPSS
CVE
CVE
added 5 days ago14 views

CVE-2026-58213

NATS Server (nats-server) before versions 2.14.1 and 2.12.9 is vulnerable: an MQTT client can include protocol control characters in subscription filters, which are later forwarded as NATS protocol data to route or leafnode connections. This corrupts the forwarded protocol stream and allows injec...

7.1CVSS6AI score0.00439EPSS
CVE
CVE
added 2026/03/25 8:18 p.m.13 views

CVE-2026-33248

NATS-Server has an authentication bypass vulnerability in mTLS verify_and_map where certain RDN patterns in the client certificate Subject DN were not correctly enforced. A valid certificate from a trusted CA could bypass identity checks on versions prior to 2.11.15 and 2.12.6. The issue is consi...

4.2CVSS5.8AI score0.00143EPSS
CVE
CVE
added 5 days ago13 views

CVE-2026-58214

CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...

4.3CVSS5.9AI score0.00367EPSS
CVE
CVE
added 5 days ago13 views

CVE-2026-58252

CVE-2026-58252 affects NATS Server prior to versions 2.14.0, 2.12.7, and 2.11.16. An authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it; queue subscriptions could also affect delivery...

6.5CVSS6AI score0.00465EPSS
CVE
CVE
added 5 days ago12 views

CVE-2026-58209

NATS Server before versions 2.14.3 and 2.12.12 could deliver MQTT retained messages and QoS1+ durable replays to subscribers whose topics matched a deny rule, because delivery paths did not consistently re-check the original topic before sending MQTT PUBLISH. This issue is fixed in 2.14.3 and 2.1...

4.3CVSS6AI score0.00342EPSS
CVE
CVE
added 5 days ago12 views

CVE-2026-58253

NATS Server (affected: prior to 2.14.0, 2.12.7, and 2.11.16) contains a parser fast path vulnerability where no_auth_user handling could apply to route/leafnode listeners, enabling an unauthenticated peer to bypass inter‑server CONNECT authentication and operate with the privileges of that connec...

8.8CVSS6AI score0.00388EPSS
CVE
CVE
added 5 days ago12 views

CVE-2026-58254

NATS Server (affected components: leafnode message trace destination checks) could allow a leafnode operator to send trace events to subjects that should be disallowed and use trace-only behavior to interfere with delivery/storage. Root cause: checks were applied to ordinary client connections bu...

6.5CVSS5.9AI score0.00428EPSS
CVE
CVE
added 5 days ago10 views

CVE-2026-58210

CVE-2026-58210 affects NATS Server prior to versions 2.14.3 and 2.12.12. An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completes, exhausting memory due to the parser waiting for the advertised MQTT packet length. The is...

7.5CVSS6AI score0.00732EPSS
CVE
CVE
added 5 days ago10 views

CVE-2026-58211

CVE-2026-58211 affects NATS Server. A vulnerable path allows a client to be registered as the configured no_auth_user via a parser path when the first client operation is not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required. This could enabl...

5.4CVSS6AI score0.00292EPSS
CVE
CVE
added 5 days ago8 views

CVE-2026-58208

CVE-2026-58208 affects NATS Server. A WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with WebSocket access to reach an uninitialized MQTT state and crash the server process. This iss...

7.5CVSS6AI score0.00593EPSS
CVE
CVE
added 5 days ago8 views

CVE-2026-58250

CVE-2026-58250 affects NATS Server: an unauthenticated peer with access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO messages. The issue is fixed in versions 2.12.8 and 2.11.17 . Exploitat...

7.5CVSS5.9AI score0.00732EPSS
CVE
CVE
added 5 days ago8 views

CVE-2026-58251

CVE-2026-58251 affects NATS Server prior to version 2.14.0, 2.12.7, and 2.11.16. An authenticated user with subscription deny permissions could bypass a plain Subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when ...

6.5CVSS6AI score0.00488EPSS
CVE
CVE
added 5 days ago7 views

CVE-2026-58207

CVE-2026-58207 affects NATS Server. A client sending account-scoped Connz pagination requests could cause an integer overflow in the pagination logic, crashing the server before the response window is bounded. Affected versions are before 2.14.3 and before 2.12.12; fixed releases are 2.14.3 and 2...

7.7CVSS6AI score0.0056EPSS