MEDIUM🇬🇧 English

CVE-2026-33215

CVSS 6.5v3.1pub. 2026-03-24upd. 2026-03-26

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
  • Linuxfoundation Nats Server

    APP
    Linuxfoundation
    2.0.0 – 2.11.15 (bez)2.12.0 – 2.12.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-28357CRITICAL9.8ten sam produkt

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management ...

CVE-2020-26892CRITICAL9.8ten sam produkt

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentia...

CVE-2026-27889HIGH7.5ten sam produkt

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in ve...

CVE-2026-29785HIGH7.5ten sam produkt

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versi...

CVE-2026-33216HIGH8.6ten sam produkt

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versi...