MEDIUM🇵🇱 Wersja polska

CVE-2026-33215

CVSS 6.5v3.1pub. 2026-03-24upd. 2026-03-26

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
  • Linuxfoundation Nats Server

    APP
    Linuxfoundation
    2.0.0 – 2.11.15 (bez)2.12.0 – 2.12.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-28357CRITICAL9.8ten sam produkt

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management ...

CVE-2020-26892CRITICAL9.8ten sam produkt

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentia...

CVE-2026-27889HIGH7.5ten sam produkt

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in ve...

CVE-2026-29785HIGH7.5ten sam produkt

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versi...

CVE-2026-33216HIGH8.6ten sam produkt

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versi...