nats-io

Top products

The 15 most recently published vulnerabilities affecting nats-io.

• CVE-2026-33249NATS: Message tracing can be redirected to arbitrary subject4.3Mar 25, 2026
• CVE-2026-33223NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing6.4Mar 25, 2026
• CVE-2026-33248NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching4.2Mar 25, 2026
• CVE-2026-33222NATS JetStream has an authorization bypass through its Management API4.9Mar 25, 2026
• CVE-2026-33247NATS credentials are exposed in monitoring port via command-line argv7.4Mar 25, 2026
• CVE-2026-33219NATS is vulnerable to pre-auth DoS through WebSockets client service5.3Mar 25, 2026
• CVE-2026-33218NATS has pre-auth server panic via leafnode handling7.5Mar 25, 2026
• CVE-2026-33246NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers6.4Mar 25, 2026
• CVE-2026-33217NATS allows MQTT clients to bypass ACL checks7.1Mar 25, 2026
• CVE-2026-33216NATS has MQTT plaintext password disclosure8.6Mar 25, 2026
• CVE-2026-29785NATS Server panic via malicious compression on leafnode port7.5Mar 25, 2026
• CVE-2026-27889NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead7.5Mar 25, 2026
• CVE-2026-33215NATS is vulnerable to MQTT hijacking via Client ID6.5Mar 24, 2026
• CVE-2026-27571nats-server websockets are vulnerable to pre-auth memory DoS5.9Feb 24, 2026
• CVE-2025-30215NATS-Server Fails to Authorize Certain Jetstream Admin APIs9.6Apr 15, 2025