PT-2026-27519 · Nats.Io · Nats Server

Philpennock · Published 2026-03-24 · Updated 2026-05-21 · CVE-2026-33215

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions

NATS-Server versions prior to 2.11.15
NATS-Server versions prior to 2.12.6

Description

NATS-Server, a high-performance server for NATS.io, a cloud and edge native messaging system, contains a flaw where sessions and messages can be hijacked via MQTT Client ID malfeasance. The nats-server provides an MQTT client interface. No workarounds are available.

Recommendations

Update to version 2.11.15 or later.
Update to version 2.12.6 or later.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BIT-NATS-2026-33215
CVE-2026-33215
GHSA-FCJP-H8CC-6879
GO-2026-4833
SUSE-SU-2026:1135-1

Affected Products

Nats Server