Zarqman

#26695 of 53,630
9.6 Total CVSS
Vulnerabilities · 1
PT-2025-15666
9.6
2025-01-01
Unknown · Nats Server · CVE-2025-30215
**Name of the Vulnerable Software and Affected Versions**

- NATS-Server versions 2.2.0 through 2.10.27
- NATS-Server versions prior to 2.11.1

**Description**

The issue is related to the absence of access controls for the JetStream API in NATS-Server, allowing any user with JS management permissions in any account to perform certain administrative actions on any JS asset in any other account. At least one of the unprotected APIs allows for data destruction. None of the affected APIs allow disclosing stream contents.

**Recommendations**

- For versions 2.2.0 through 2.10.27, update to version 2.10.27 or later.
- For versions prior to 2.11.1, update to version 2.11.1 or later.

As a temporary workaround, consider restricting access to the JetStream API to minimize the risk of exploitation.