github.com/nats-io/nats-server vulnerabilities
3 known vulnerabilities affecting github.com/nats-io/nats-server.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2026-27571 | MEDIUM | ≥ 0, ≤ 1.4.1 | 2026-02-24
CVE-2026-27571 [MEDIUM] CWE-409 nats-server websockets are vulnerable to pre-auth memory DoS
### Impact
The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. The implementation bounded the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message, which might then fail validation for size reasons.
A
ghsa, osv
CVE-2022-28357 | CRITICAL | ≥ 2.2.0, < 2.7.4 | 2023-09-19
CVE-2022-28357 [CRITICAL] CWE-22 NATS nats-server allows directory traversal via unintended path to a management action
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.
ghsa, osv
CVE-2020-28466 | HIGH | ≥ 0, < 2.2.0 | 2022-02-15
CVE-2020-28466 [HIGH] CWE-400 Denial of service in github.com/nats-io/nats-server/server
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent service export/import cycles. Disclaimer from the maintainers - Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent serio
ghsa, osv