| CVE-2026-27889 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSock… |
| CVE-2026-33248 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map` to der… |
| CVE-2026-33246 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. Th… |
| CVE-2026-33223 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to be a … |
| CVE-2026-33222 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could… |
| CVE-2026-33219 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can c… |
| CVE-2026-33218 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nat… |
| CVE-2026-33217 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied … |
| CVE-2026-33216 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords ar… |
| CVE-2026-33215 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and M… |
| CVE-2026-29785 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled (not … |
| CVE-2026-33247 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients p… |
| CVE-2026-33249 |
unknown |
— |
— |
|
|
|
2mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message … |
| CVE-2026-27571 |
unknown |
— |
— |
|
|
|
3mo ago |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated comp… |
| CVE-2025-30215 |
unknown |
— |
— |
|
|
|
1y ago |
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets h… |
| CVE-2022-29946 |
unknown |
— |
— |
|
|
|
2y ago |
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one sc… |
| CVE-2023-46129 |
unknown |
— |
— |
|
|
|
3y ago |
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recent… |
| CVE-2023-47090 |
unknown |
— |
— |
|
|
|
3y ago |
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the int… |
| CVE-2022-28357 |
unknown |
— |
— |
|
|
|
3y ago |
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account. |
| CVE-2022-26652 |
unknown |
— |
— |
|
|
|
4y ago |
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. |
| CVE-2020-28466 |
unknown |
— |
— |
|
|
|
4y ago |
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer fro… |
| CVE-2021-3127 |
unknown |
— |
— |
|
|
|
4y ago |
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. |
| CVE-2022-24450 |
unknown |
— |
— |
|
|
|
4y ago |
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. |
| CVE-2019-13126 |
unknown |
— |
— |
|
|
|
5y ago |
An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authe… |