PT-2026-56565 · Nats.Io · Nats Server

Publicado

2026-07-08

·

Atualizado

2026-07-08

·

CVE-2026-58253

CVSS v3.1

8.8

Alta

VetorAV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no auth user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-58253

Produtos afetados

Nats Server