PT-2026-27612 · Nats · Nats Server

Published: 2026-03-24 · Updated: 2026-05-21 · CVE-2026-29785

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: NATS-Server versions prior to 2.11.14; NATS-Server versions prior to 2.12.5
Description: NATS-Server, a high-performance messaging system, is susceptible to a server panic when configured as a leafnode. The panic occurs before authentication and requires compression to be enabled, which is the default setting when leafnodes are used. A remote attacker who can connect to the server can trigger the panic, potentially causing a denial-of-service condition. The issue lies in the negotiation of compression on the leafnode connection, so a malicious NATS server acting as the leafnode peer can exploit the vulnerability.
Recommendations Versions prior to 2.11.14 should be updated to version 2.11.14 or later. Versions prior to 2.12.5 should be updated to version 2.12.5 or later. As a workaround, disable compression on the leafnode port by adding the following configuration:
leafnodes {
 port: 7422
 compression: off
}
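The two checks a defender would run against the recommendations above, as an added example (not code from the advisory or from the NATS project): triage a build's version against the fixed releases named in the advisory (2.11.14 on the 2.11 branch, 2.12.5 on the 2.12 branch), and confirm whether a leafnodes block leaves compression at its on-by-default setting or carries the `compression: off` workaround. The `nats-server: v2.x.y` version line and the nested `compression: { mode: ... }` form are assumptions about the server's CLI output and configuration syntax, not taken from the advisory; the config scan is a simple brace-matched text search, not a full NATS configuration parser.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed versions named in the advisory for CVE-2026-29785, one per maintained branch.
FIXED_BY_BRANCH = {
    (2, 11): (2, 11, 14),
    (2, 12): (2, 12, 5),
}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract MAJOR.MINOR.PATCH from a bare version string or a version line.

    The 'nats-server: v2.x.y' line shape is an assumption about the CLI output.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def required_upgrade(version: Version) -> Optional[Version]:
    """Return the fixed version this build should move to, or None if already fixed.

    'Prior to 2.11.14' and 'prior to 2.12.5' are read per release branch: anything
    below 2.11.14 moves to 2.11.14, and 2.12.0 through 2.12.4 move to 2.12.5.
    """
    branch = (2, 12) if version >= (2, 12, 0) else (2, 11)
    fixed = FIXED_BY_BRANCH[branch]
    return fixed if version < fixed else None


def _leafnodes_body(config_text: str) -> Optional[str]:
    """Return the text inside the outermost leafnodes { ... } block, or None if absent."""
    m = re.search(r"\bleafnodes\s*\{", config_text, re.IGNORECASE)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(config_text)):
        if config_text[i] == "{":
            depth += 1
        elif config_text[i] == "}":
            depth -= 1
            if depth == 0:
                return config_text[start:i]
    raise ValueError("unterminated leafnodes block")


# Matches 'compression: off', 'compression: "off"' and the assumed nested
# 'compression: { mode: off }' form; captures the mode word.
_COMPRESSION_RE = re.compile(
    r"\bcompression\s*[:=]?\s*(?:\{\s*mode\s*[:=]?\s*)?\"?(\w+)", re.IGNORECASE
)


def leafnode_compression_enabled(config_text: str) -> Optional[bool]:
    """True if the leafnodes block leaves compression on (explicitly or by default),
    False if it sets the 'off' mode from the advisory's workaround, None if there is
    no leafnodes block at all (the vulnerable code path is not configured)."""
    body = _leafnodes_body(config_text)
    if body is None:
        return None
    m = _COMPRESSION_RE.search(body)
    if not m:
        return True  # advisory: compression is on by default for leafnodes
    return m.group(1).lower() != "off"


def exposure_report(version_line: str, config_text: str) -> dict:
    """Combine both checks: exposed only on an unfixed build with leafnode compression on."""
    version = parse_version(version_line)
    fix = required_upgrade(version)
    compression = leafnode_compression_enabled(config_text)
    return {
        "version": version,
        "upgrade_to": fix,
        "leafnode_compression": compression,
        "exposed": fix is not None and compression is True,
    }


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real deployment.
    sample_version_line = "nats-server: v2.11.13"
    sample_config = "leafnodes {\n port: 7422\n tls { cert_file: server.pem }\n}\n"
    print(exposure_report(sample_version_line, sample_config))
    hardened = "leafnodes {\n port: 7422\n compression: off\n}\n"
    print(exposure_report(sample_version_line, hardened))
```

A deployment reports as exposed only when all three conditions hold: the version is below the branch's fixed release, a leafnodes block exists, and compression is not set to off. Upgrading clears `upgrade_to`; applying the workaround flips `leafnode_compression` to False; either alone makes `exposed` False.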

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

BIT-NATS-2026-29785
CVE-2026-29785
GHSA-52JH-2XXH-PWH6
GO-2026-4829
SUSE-SU-2026:1135-1

Affected Products

Nats Server