
Github.Com Nats-Io Nats-Server V2 vulnerabilities

27 known vulnerabilities affecting github.com/nats-io_nats-server_v2.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 15, MEDIUM 8, LOW 1, UNKNOWN 1

Vulnerabilities

Page 2 of 2
CVE-2026-33247 | P3 | HIGH | Affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33247 [HIGH] CWE-215: NATS credentials are exposed in monitoring port via command-line argv
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an optional monitoring port, which provides access to sensitive data. The nats-server can take certain configuration options on the command-l
CVE-2026-33223 | P4 | MEDIUM | Affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33223 [MEDIUM] CWE-290: NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request.
Problem Description: The
CVE-2026-33246 | P4 | MEDIUM | Affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33246 [MEDIUM] CWE-287: NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. NATS messages can have headers.
Problem Des
CVE-2026-33222 | P4 | MEDIUM | Affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33222 [MEDIUM] CWE-285: NATS JetStream has an authorization bypass through its Management API
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The persistent storage feature, JetStream, has a management API which has many features, amongst which are backup and restore.
Problem Description: Users with
CVE-2026-33249 | P4 | MEDIUM | Affected: ≥ 2.11.0, < 2.11.15; ≥ 2.12.0-preview.1, < 2.12.6 | 2026-03-24
CVE-2026-33249 [MEDIUM] CWE-863: NATS: Message tracing can be redirected to arbitrary subject
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server supports telemetry on messages, using the per-message NATS headers.
Problem Description: A valid client which uses message tracing headers can indicate that the
CVE-2026-33248 | P4 | MEDIUM | Affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33248 [MEDIUM] CWE-287: NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. One authentication model supported is mTLS, deriving the NATS client identity from properties of the TLS Client Certificate.
Prob
CVE-2021-32026 | LOW | Affected: ≥ 0, < 2.2.3 | 2024-05-14
CVE-2021-32026 [LOW]: NATS server TLS missing ciphersuite settings when CLI flags used (This advisory is canonically )
Problem Description: The NATS server by default uses a restricted set of modern ciphersuites for TLS. This selection can be overridden through configuration. The defaults include just RSA and ECDSA with either AES/GCM with a SHA2 digest or ChaCha20/Poly1305. The configuration system allows for extensive use o