Nats-io Nats-server
15 CVEs affecting Nats-io Nats-server. Latest disclosed: 2026-03-25. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-30215 | Critical | 9.6 | 2025-04-15 | NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11… |
CVE-2026-33216 | High | 8.6 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments usin… |
CVE-2026-33218 | High | 7.5 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connec… |
CVE-2026-29785 | High | 7.5 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has th… |
CVE-2026-27889 | High | 7.5 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.1… |
CVE-2026-33247 | High | 7.4 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run w… |
CVE-2026-33217 | High | 7.1 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on messag… |
CVE-2026-33215 | Medium | 6.5 | 2026-03-24 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to ver… |
CVE-2026-33223 | Medium | 6.4 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `… |
CVE-2026-33246 | Medium | 6.4 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, p… |
CVE-2026-27571 | Medium | 5.9 | 2026-02-24 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed mes… |
CVE-2026-33219 | Medium | 5.3 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which… |
CVE-2026-33222 | Medium | 4.9 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admi… |
CVE-2026-33249 | Medium | 4.3 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2… |
CVE-2026-33248 | Medium | 4.2 | 2026-03-25 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for clien… |