PT-2026-56561 · Nats.Io · Nats Server

Publicado

2026-07-08

·

Atualizado

2026-07-08

·

CVE-2026-58213

CVSS v3.1

7.1

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupting the forwarded protocol stream and allowing injection of unintended NATS protocol operations. This issue is fixed in versions 2.14.1 and 2.12.9.

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-58213

Produtos afetados

Nats Server