nats-io — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting nats-io. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by nats-io: nats-server, nkeys

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33249 | NATS: Message tracing can be redirected to arbitrary subject | nats-server | CWE-863 | 4.3 | Medium | 2026-03-25 |
| CVE-2026-33223 | NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing | nats-server | CWE-290 | 6.4 | Medium | 2026-03-25 |
| CVE-2026-33248 | NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching | nats-server | CWE-287 | 4.2 | Medium | 2026-03-25 |
| CVE-2026-33222 | NATS JetStream has an authorization bypass through its Management API | nats-server | CWE-285 | 4.9 | Medium | 2026-03-25 |
| CVE-2026-33247 | NATS credentials are exposed in monitoring port via command-line argv | nats-server | CWE-215 | 7.4 | High | 2026-03-25 |
| CVE-2026-33219 | NATS is vulnerable to pre-auth DoS through WebSockets client service | nats-server | CWE-770 | 5.3 | Medium | 2026-03-25 |
| CVE-2026-33218 | NATS has pre-auth server panic via leafnode handling | nats-server | CWE-20 | 7.5 | High | 2026-03-25 |
| CVE-2026-33246 | NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers | nats-server | CWE-287 | 6.4 | Medium | 2026-03-25 |
| CVE-2026-33217 | NATS allows MQTT clients to bypass ACL checks | nats-server | CWE-863 | 7.1 | High | 2026-03-25 |
| CVE-2026-33216 | NATS has MQTT plaintext password disclosure | nats-server | CWE-256 | 8.6 | High | 2026-03-25 |
| CVE-2026-29785 | NATS Server panic via malicious compression on leafnode port | nats-server | CWE-476 | 7.5 | High | 2026-03-25 |
| CVE-2026-27889 | NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead | nats-server | CWE-190 | 7.5 | High | 2026-03-25 |
| CVE-2026-33215 | NATS is vulnerable to MQTT hijacking via Client ID | nats-server | CWE-287 | 6.5 | Medium | 2026-03-24 |
| CVE-2026-27571 | nats-server websockets are vulnerable to pre-auth memory DoS | nats-server | CWE-409 | 5.9 | Medium | 2026-02-24 |
| CVE-2025-30215 | NATS-Server Fails to Authorize Certain Jetstream Admin APIs | nats-server | CWE-306 | 9.6 | Critical | 2025-04-15 |
| CVE-2023-46129 | xkeys Seal encryption used fixed key for all encryption | nkeys | CWE-321 | 7.5 | High | 2023-10-30 |

This page lists every published CVE security advisory associated with nats-io. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.