NATS.io · NATS Server · CVE-2026-33215
**Name of the Vulnerable Software and Affected Versions**
NATS-Server versions prior to 2.11.15
NATS-Server versions prior to 2.12.6
**Description**
NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface; sessions and messages can be hijacked via MQTT Client ID malfeasance. No workarounds are available.
**Recommendations**
Update to version 2.11.15 or later.
Update to version 2.12.6 or later.