PT-2026-27519 · Nats.Io · Nats Server
Published: 2026-03-24 · Updated: 2026-03-24
CVE-2026-33215
CVSS v3.1: 6.5 (Medium), vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, sessions and messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available.
Fix
Improper Authentication
Related Identifiers
Affected Products
Nats Server