7.5
CVE-2026-33218
- EPSS 0.62%
- Veröffentlicht 25.03.2026 19:53:12
- Zuletzt bearbeitet 30.06.2026 03:18:38
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
NATS has pre-auth server panic via leafnode handling
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, disable leafnode support if not needed or restrict network connections to the leafnode port, if plausible without compromising the service offered.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linuxfoundation ≫ Nats-server Version < 2.11.15
Linuxfoundation ≫ Nats-server Version >= 2.12.0 < 2.12.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.45 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-1286 Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339
https://advisories.nats.io/CVE/secnote-2026-10.txt
https://access.redhat.com/errata/RHSA-2026:21769
https://access.redhat.com/errata/RHSA-2026:22347
https://access.redhat.com/errata/RHSA-2026:23345
https://access.redhat.com/security/cve/CVE-2026-33218
https://bugzilla.redhat.com/show_bug.cgi?id=2451450
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33218.json