Vulnerability in Nats-io Nats-server
CVE-2026-58213
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NAT…
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.
Affected products
- Nats-io Nats-server — versions < 2.12.9, >= 2.14.0-RC.1, < 2.14.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-58213?
- CVE-2026-58213 is a high-severity vulnerability in Nats-io Nats-server, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 7.1/10. Published 2026-07-08.
- How severe is CVE-2026-58213?
- High severity. CVSS v3 base score is 7.1 out of 10.