PT-2026-27621 · Nats.Io · Nats Server

Published 2026-03-24 · Updated 2026-05-21 · CVE-2026-33248

CVSS v3.1: 4.2 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

NATS-Server versions prior to 2.11.15
NATS-Server versions prior to 2.12.6

Description

NATS-Server, the high-performance server for NATS.io (a cloud- and edge-native messaging system), does not correctly enforce certain Relative Distinguished Name (RDN) patterns when mTLS is used for client identity with verify-and-map to derive a NATS identity from the client certificate's Subject DN, potentially allowing an authentication bypass. Exploitation requires a valid certificate issued by a trusted Certificate Authority (CA) together with specific DN naming patterns. The maintainers consider exploitation unlikely, but deployments whose administrators rely on specific DN construction patterns might be impacted.

Recommendations

Update NATS-Server to version 2.11.15 or later.
Update NATS-Server to version 2.12.6 or later.
Review CA issuing practices.

Exploit

Fix

Improper Authentication

Improper Certificate Validation


Weakness Enumeration

Related identifiers

BIT-NATS-2026-33248
CVE-2026-33248
GHSA-3F24-PCVM-5JQC
GO-2026-4828
SUSE-SU-2026:1135-1

Affected products

Nats Server