Auth bypass in Nats-io Nats-server
CVE-2026-58254
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arr…
Vulnerability class: Broken Access Control
Affected products
- Nats-io Nats-server — versions < 2.12.8, >= 2.14.0-RC.1, < 2.14.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)