PT-2026-27519 · Nats.Io · Nats Server

Philpennock · Published 2026-03-24 · Updated 2026-05-21 · CVE-2026-33215

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions

NATS-Server versions prior to 2.11.15
NATS-Server versions prior to 2.12.6

Description

NATS-Server, a high-performance server for NATS.io, a cloud and edge native messaging system, contains a flaw where sessions and messages can be hijacked via MQTT Client ID malfeasance. The nats-server provides an MQTT client interface. No workarounds are available.

Recommendations

Update to version 2.11.15 or later.
Update to version 2.12.6 or later.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BIT-NATS-2026-33215
CVE-2026-33215
GHSA-FCJP-H8CC-6879
GO-2026-4833
SUSE-SU-2026:1135-1

Affected Products

Nats Server