github.com/nats-io/nats-server/v2 vulnerabilities
27 known vulnerabilities affecting github.com/nats-io_nats-server_v2.
Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 15, MEDIUM 8, LOW 1, UNKNOWN 1
Vulnerabilities
Page 2 of 2
CVE-2026-33247 | P3 | HIGH | affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33247 [HIGH] CWE-215 NATS credentials are exposed in monitoring port via command-line argv
### Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
The nats-server provides an optional monitoring port, which provides access to sensitive data. The nats-server can take certain configuration options on the command-l
CVE-2026-33223 | P4 | MEDIUM | affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33223 [MEDIUM] CWE-290 NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
### Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
The nats-server offers a `Nats-Request-Info:` message header, providing information about a request.
### Problem Description
The
CVE-2026-33246 | P4 | MEDIUM | affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33246 [MEDIUM] CWE-287 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
### Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. NATS messages can have headers.
### Problem Des
CVE-2026-33222 | P4 | MEDIUM | affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33222 [MEDIUM] CWE-285 NATS JetStream has an authorization bypass through its Management API
### Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
The persistent storage feature, JetStream, has a management API which has many features, amongst which are backup and restore.
### Problem Description
Users with
CVE-2026-33249 | P4 | MEDIUM | affected: ≥ 2.11.0, < 2.11.15; ≥ 2.12.0-preview.1, < 2.12.6 | 2026-03-24
CVE-2026-33249 [MEDIUM] CWE-863 NATS: Message tracing can be redirected to arbitrary subject
### Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
The nats-server supports telemetry on messages, using the per-message NATS headers.
### Problem Description
A valid client which uses message tracing headers can indicate that the
CVE-2026-33248 | P4 | MEDIUM | affected: ≥ 0, < 2.11.15; ≥ 2.12.0-RC.1, < 2.12.6 | 2026-03-24
CVE-2026-33248 [MEDIUM] CWE-287 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
### Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
One authentication model supported is mTLS, deriving the NATS client identity from properties of the TLS Client Certificate.
### Prob
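The page does not say which part of the DN comparison was wrong, so the following is an added example in Go (not nats-server code) of the generic check a verify_and_map style scheme needs: derive the identity from the complete Subject DN in RFC 2253 string form and compare it exactly, rather than comparing a single attribute such as the CN. The self-signed certificates, the helper names and the user names `CN=alice,O=acme` / `alice` are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSignedClientCert builds a throwaway self-signed client certificate with
// the given Subject. Constructed test input only; a real deployment would see
// a CA-issued certificate presented during the mTLS handshake.
func selfSignedClientCert(subject pkix.Name) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// identityFromCert derives the identity from the full Subject DN rendered in
// RFC 2253 form (most specific RDN first, e.g. "CN=alice,O=acme").
func identityFromCert(cert *x509.Certificate) string {
	return cert.Subject.String()
}

// matchUserStrict accepts the certificate only when the complete DN equals
// the configured user name, so extra, missing or reordered RDNs all fail.
func matchUserStrict(cert *x509.Certificate, configuredDN string) bool {
	return identityFromCert(cert) == configuredDN
}

// matchUserByCN is the pitfall shown for contrast (assumed here, not claimed
// to be the flaw behind the CVE): comparing only the CN maps every
// certificate that shares that CN, whatever its O/OU/C, onto the same user.
func matchUserByCN(cert *x509.Certificate, configuredCN string) bool {
	return cert.Subject.CommonName == configuredCN
}

func main() {
	legit, err := selfSignedClientCert(pkix.Name{CommonName: "alice", Organization: []string{"acme"}})
	if err != nil {
		panic(err)
	}
	other, err := selfSignedClientCert(pkix.Name{CommonName: "alice", Organization: []string{"other"}})
	if err != nil {
		panic(err)
	}
	const user = "CN=alice,O=acme"
	fmt.Println(identityFromCert(legit), "strict:", matchUserStrict(legit, user), "byCN:", matchUserByCN(legit, "alice"))
	fmt.Println(identityFromCert(other), "strict:", matchUserStrict(other, user), "byCN:", matchUserByCN(other, "alice"))
}
```

When auditing a verify_and_map style mapping, the property to test is the second line of output: a certificate from a different organisation with the same CN must not match the configured user.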
CVE-2021-32026 | LOW | affected: ≥ 0, < 2.2.3 | 2024-05-14
CVE-2021-32026 [LOW] NATS server TLS missing ciphersuite settings when CLI flags used
(This advisory is canonically )
### Problem Description
The NATS server by default uses a restricted set of modern ciphersuites for TLS. This selection can be overridden through configuration. The defaults include just RSA and ECDSA with either AES/GCM with a SHA2 digest or ChaCha20/Poly1305.
The configuration system allows for extensive use o
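The failure mode here is a TLS configuration whose cipher suite list is never pinned, so the runtime's broader default applies. The following added Go example (not nats-server code) places an unpinned `tls.Config` beside one that pins a list consistent with the description above (ECDHE key exchange, RSA or ECDSA authentication, AES-GCM or ChaCha20-Poly1305) and adds an audit that flags an unset list or any suite outside that set. The suite list, `restrictedSuites`, and the function names are assumptions for the example, not copied from the server.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// restrictedSuites is an AEAD-only, ECDHE-only list matching the description
// in the advisory text. Assumed for this example; it is not the server's list.
var restrictedSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}

// hardenedConfig pins both the suite list and the version floor explicitly,
// so the result does not depend on which code path (config file or flags)
// built the tls.Config.
func hardenedConfig() *tls.Config {
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		CipherSuites: append([]uint16(nil), restrictedSuites...),
	}
}

// unpinnedConfig is the weak form: CipherSuites is nil, so Go's default list
// (which includes non-AEAD CBC suites for TLS 1.2) is what gets negotiated.
func unpinnedConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

// auditSuites reports whether the TLS 1.2 suite list is unset, and names any
// configured suite outside the restricted set. TLS 1.3 suites are fixed by
// Go and not configurable, so they are out of scope for this check.
func auditSuites(cfg *tls.Config) (unset bool, offending []string) {
	if len(cfg.CipherSuites) == 0 {
		return true, nil
	}
	allowed := make(map[uint16]bool, len(restrictedSuites))
	for _, id := range restrictedSuites {
		allowed[id] = true
	}
	for _, id := range cfg.CipherSuites {
		if !allowed[id] {
			offending = append(offending, tls.CipherSuiteName(id))
		}
	}
	return false, offending
}

func main() {
	for name, cfg := range map[string]*tls.Config{"hardened": hardenedConfig(), "unpinned": unpinnedConfig()} {
		unset, bad := auditSuites(cfg)
		fmt.Printf("%-8s unset=%v offending=%v\n", name, unset, bad)
	}
	// A config that was overridden to include a non-AEAD suite.
	_, bad := auditSuites(&tls.Config{CipherSuites: append(append([]uint16(nil), restrictedSuites...), tls.TLS_RSA_WITH_AES_128_CBC_SHA)})
	fmt.Println("overridden offending =", bad)
}
```

The audit is cheap enough to run at startup against the final `tls.Config`, after every configuration source has been applied, which is exactly where a flags-only path would otherwise slip through with an unset list.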