Vulnerability in Nats-io Nats-server

CVE-2026-58213

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NAT…

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-58213?
CVE-2026-58213 is a high-severity vulnerability in Nats-io Nats-server, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 7.1/10. Published 2026-07-08.
How severe is CVE-2026-58213?
High severity. CVSS v3 base score is 7.1 out of 10.