PT-2024-10931 · Unknown · Nats Server
Published: 2024-05-14 · Updated: 2024-07-08
CVE-2021-32026
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
nats-server versions prior to 2.2.3
Description
The issue is a cryptographic weakness in nats-server: when TLS parameters are set through CLI flags, the default restricted ciphersuite settings are overridden, potentially allowing clients to negotiate TLS ciphersuites the operator did not intend to permit. This could weaken transport security, particularly for local attackers. The estimated number of potentially affected devices is not specified.
Recommendations
For versions prior to 2.2.3, upgrade the NATS server to remediate the issue.
As a temporary workaround, consider using a configuration file to set the TLS parameters instead of command-line options.
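As an added illustration of the workaround (not from the advisory or the NATS project), the following nats-server configuration file sets the TLS parameters in the `tls` block instead of on the command line and pins an explicit ciphersuite allow-list so the accepted suites do not depend on defaults; the key names follow the NATS server documentation, while the file paths and the chosen suites are assumed values.

```conf
# Added example: TLS configured in the config file, not via CLI flags.
# Key names as documented for nats-server; paths and suites are
# placeholder choices for illustration.
port: 4222

tls {
  cert_file: "/etc/nats/certs/server.crt"   # placeholder path
  key_file:  "/etc/nats/certs/server.key"   # placeholder path
  ca_file:   "/etc/nats/certs/ca.crt"       # placeholder path
  verify: true          # require and verify client certificates
  timeout: 2            # TLS handshake timeout in seconds

  # Explicit allow-list: only ECDHE + AEAD suites are negotiable,
  # regardless of what the server's defaults would otherwise permit.
  cipher_suites: [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  ]
  curve_preferences: ["CurveP256", "CurveP384"]
}
```

Start the server with `nats-server -c /path/to/this.conf` so the TLS settings are read from the file; after upgrading to 2.2.3 or later, keeping the explicit `cipher_suites` list still makes the negotiable suites auditable in one place.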
Affected Products
Nats Server