Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1169 vulnerabilities by linuxfoundation

    CVE-2026-58211 (GCVE-0-2026-58211)

    Vulnerability from nvd – Published: 2026-07-08 20:16 – Updated: 2026-07-09 14:27
    VLAI
    Title
    NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured no_auth_user through a parser path used when the first client operation was not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required that normal authentication would apply. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58211",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:27:18.977045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:27:25.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured no_auth_user through a parser path used when the first client operation was not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required that normal authentication would apply. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:16:25.262Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-hmmp-q8cx-v964",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-hmmp-q8cx-v964"
            }
          ],
          "source": {
            "advisory": "GHSA-hmmp-q8cx-v964",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58211",
        "datePublished": "2026-07-08T20:16:25.262Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T14:27:25.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58208 (GCVE-0-2026-58208)

    Vulnerability from nvd – Published: 2026-07-08 20:17 – Updated: 2026-07-09 14:04
    VLAI
    Title
    NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with access to the WebSocket listener to reach uninitialized MQTT state and crash the server process. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: >= 2.14.0-RC.1, < 2.14.3
    Affected: < 2.12.12
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58208",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:04:07.392572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:04:28.045Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with access to the WebSocket listener to reach uninitialized MQTT state and crash the server process. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:17:39.187Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p957-7v2w-g93g",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p957-7v2w-g93g"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/73b3dd9a5ea0fa7bf08b702338676355b29b5fb4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/73b3dd9a5ea0fa7bf08b702338676355b29b5fb4"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/837536b98b3a9280b993282155ff2bdd3ca38c30",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/837536b98b3a9280b993282155ff2bdd3ca38c30"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-p957-7v2w-g93g",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58208",
        "datePublished": "2026-07-08T20:17:39.187Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T14:04:28.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58207 (GCVE-0-2026-58207)

    Vulnerability from nvd – Published: 2026-07-08 20:15 – Updated: 2026-07-09 14:41
    VLAI
    Title
    NATS Server: Remote crash via integer overflow in Connz pagination
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58207",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:21:06.599044Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:41:02.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:15:31.082Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-q59r-vq66-pxc2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-q59r-vq66-pxc2"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/2ae047139e37a38cb01e259a67909e7a39fa38e9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/2ae047139e37a38cb01e259a67909e7a39fa38e9"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/894d9411927681d66ce349bf1afe49608dc0c1a3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/894d9411927681d66ce349bf1afe49608dc0c1a3"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-q59r-vq66-pxc2",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Remote crash via integer overflow in Connz pagination"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58207",
        "datePublished": "2026-07-08T20:15:31.082Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T14:41:02.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58254 (GCVE-0-2026-58254)

    Vulnerability from nvd – Published: 2026-07-08 19:56 – Updated: 2026-07-09 13:38
    VLAI
    Title
    NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode operator to send trace events to subjects that would not otherwise be permitted and to use trace-only behavior to prevent normal delivery or storage of affected messages. This issue is fixed in versions 2.14.3 and 2.12.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.8
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:38:04.787145Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:38:17.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode operator to send trace events to subjects that would not otherwise be permitted and to use trace-only behavior to prevent normal delivery or storage of affected messages. This issue is fixed in versions 2.14.3 and 2.12.8."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:56:58.311Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p3j5-5hrq-p75h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p3j5-5hrq-p75h"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/cbe845932980b71563efac5cfa4cc751c88936cd",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/cbe845932980b71563efac5cfa4cc751c88936cd"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-p3j5-5hrq-p75h",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58254",
        "datePublished": "2026-07-08T19:56:58.311Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:38:17.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58253 (GCVE-0-2026-58253)

    Vulnerability from nvd – Published: 2026-07-08 19:43 – Updated: 2026-07-09 13:35
    VLAI
    Title
    NATS Server: Route API Auth Bypass
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.11.16
    Affected: >= 2.12.0-preview.1, < 2.12.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:35:15.515260Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:35:24.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.11.16"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.12.0-preview.1, \u003c 2.12.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:43:13.776Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-38x3-76xf-cq45",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-38x3-76xf-cq45"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/7b81dd455ea95960090a84858c7662827948d1b6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/7b81dd455ea95960090a84858c7662827948d1b6"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/8b8e1ad4ceed32321e00d4fc6e76be05bc13bca6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/8b8e1ad4ceed32321e00d4fc6e76be05bc13bca6"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/b86147e81710a52b72a7f7275f91d69f723f5cb3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/b86147e81710a52b72a7f7275f91d69f723f5cb3"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0"
            }
          ],
          "source": {
            "advisory": "GHSA-38x3-76xf-cq45",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Route API Auth Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58253",
        "datePublished": "2026-07-08T19:43:13.776Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:35:24.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58252 (GCVE-0-2026-58252)

    Vulnerability from nvd – Published: 2026-07-08 19:46 – Updated: 2026-07-09 13:34
    VLAI
    Title
    NATS Server: Subscribe Authz Bypass via Wildcard-Overlap
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it, and queue subscriptions could also affect delivery to legitimate queue consumers. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.11.16
    Affected: >= 2.12.0-preview.1, < 2.12.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:34:18.644909Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:34:28.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.11.16"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.12.0-preview.1, \u003c 2.12.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it, and queue subscriptions could also affect delivery to legitimate queue consumers. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:46:54.572Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-wh7g-5m82-pmhr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-wh7g-5m82-pmhr"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/8ced85a11497f86704a95d960281480ce037386b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/8ced85a11497f86704a95d960281480ce037386b"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/a42a6d1e258eb5c3a2190384d31965a4b715e854",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/a42a6d1e258eb5c3a2190384d31965a4b715e854"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/e611ca9604697b02d8f22beb76037400a9cf72e6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/e611ca9604697b02d8f22beb76037400a9cf72e6"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0"
            }
          ],
          "source": {
            "advisory": "GHSA-wh7g-5m82-pmhr",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Subscribe Authz Bypass via Wildcard-Overlap"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58252",
        "datePublished": "2026-07-08T19:46:10.380Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:34:28.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58251 (GCVE-0-2026-58251)

    Vulnerability from nvd – Published: 2026-07-08 19:40 – Updated: 2026-07-09 13:40
    VLAI
    Title
    NATS Server: Queue Subscribe Authz Bypass
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when the queue name itself was not denied. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.11.16
    Affected: >= 2.12.0-RC.1, < 2.12.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:40:09.306056Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:40:28.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.11.16"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.12.0-RC.1, \u003c 2.12.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when the queue name itself was not denied. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:40:28.308Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jx8g-9g95-6322",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jx8g-9g95-6322"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/013586288078def45a6788096924eb4d150db65c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/013586288078def45a6788096924eb4d150db65c"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/79c2f6e9ff87f594596337b6427dda85c38d1fe1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/79c2f6e9ff87f594596337b6427dda85c38d1fe1"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/b9ffb63b85e7db3d25a13b2e234f5f7f7c13164d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/b9ffb63b85e7db3d25a13b2e234f5f7f7c13164d"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0"
            }
          ],
          "source": {
            "advisory": "GHSA-jx8g-9g95-6322",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Queue Subscribe Authz Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58251",
        "datePublished": "2026-07-08T19:40:28.308Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:40:28.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58250 (GCVE-0-2026-58250)

    Vulnerability from nvd – Published: 2026-07-08 19:48 – Updated: 2026-07-09 13:33
    VLAI
    Title
    NATS Server: Pre-auth server crash via double INFO in leafnode handshake
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO protocol messages before authentication and account setup completed. This issue is fixed in versions 2.12.8 and 2.11.17.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.11.17
    Affected: >= 2.12.0-preview.1, < 2.12.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:33:35.375405Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:33:45.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.11.17"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.12.0-preview.1, \u003c 2.12.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO protocol messages before authentication and account setup completed. This issue is fixed in versions 2.12.8 and 2.11.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:48:55.058Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-3g5q-cfh2-cq67",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-3g5q-cfh2-cq67"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/8dcb26eaea78fdcbe96dbee5986d6019fd5cb94a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/8dcb26eaea78fdcbe96dbee5986d6019fd5cb94a"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/fc5fe39177533e9dbdd651d2458285bfae1dde27",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/fc5fe39177533e9dbdd651d2458285bfae1dde27"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.17",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.17"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8"
            }
          ],
          "source": {
            "advisory": "GHSA-3g5q-cfh2-cq67",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Pre-auth server crash via double INFO in leafnode handshake"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58250",
        "datePublished": "2026-07-08T19:48:55.058Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:33:45.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58214 (GCVE-0-2026-58214)

    Vulnerability from nvd – Published: 2026-07-08 20:06 – Updated: 2026-07-09 13:32
    VLAI
    Title
    NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the account. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:32:18.907165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:32:36.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the account. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:06:34.794Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-4g68-3pwx-5vfj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-4g68-3pwx-5vfj"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/297b166be60fe13144084eed4b25201ead03204a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/297b166be60fe13144084eed4b25201ead03204a"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/34b09657bb596d5f850eaa5cfc97ea6b2f989a97",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/34b09657bb596d5f850eaa5cfc97ea6b2f989a97"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-4g68-3pwx-5vfj",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58214",
        "datePublished": "2026-07-08T20:06:34.794Z",
        "dateReserved": "2026-06-29T17:09:25.873Z",
        "dateUpdated": "2026-07-09T13:32:36.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58213 (GCVE-0-2026-58213)

    Vulnerability from nvd – Published: 2026-07-08 19:52 – Updated: 2026-07-09 13:33
    VLAI
    Title
    NATS Server: MQTT SUBSCRIBE Protocol Injection via Leaf Node/Route Forwarding allows arbitrary NATS command injection
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupting the forwarded protocol stream and allowing injection of unintended NATS protocol operations. This issue is fixed in versions 2.14.1 and 2.12.9.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.9
    Affected: >= 2.14.0-RC.1, < 2.14.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58213",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:32:57.416842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:33:07.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupting the forwarded protocol stream and allowing injection of unintended NATS protocol operations. This issue is fixed in versions 2.14.1 and 2.12.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:52:12.148Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrcv-3558-gj4f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrcv-3558-gj4f"
            },
            {
              "name": "https://github.com/nats-io/nats-server/pull/8163",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/pull/8163"
            },
            {
              "name": "https://github.com/nats-io/nats-server/pull/8164",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/pull/8164"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/366837cfc65ab9ccb4f98193c65e8daf238582d8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/366837cfc65ab9ccb4f98193c65e8daf238582d8"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/64ebae40051ee497c481e10f316238faf0de1736",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/64ebae40051ee497c481e10f316238faf0de1736"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/f14856b9e57a36818f43851cb69b6e33670885c9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/f14856b9e57a36818f43851cb69b6e33670885c9"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.9"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.1"
            }
          ],
          "source": {
            "advisory": "GHSA-qrcv-3558-gj4f",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT SUBSCRIBE Protocol Injection via Leaf Node/Route Forwarding allows arbitrary NATS command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58213",
        "datePublished": "2026-07-08T19:52:12.148Z",
        "dateReserved": "2026-06-29T17:09:25.873Z",
        "dateUpdated": "2026-07-09T13:33:07.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58210 (GCVE-0-2026-58210)

    Vulnerability from nvd – Published: 2026-07-08 20:13 – Updated: 2026-07-09 13:29
    VLAI
    Title
    NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the parser waited for the advertised MQTT packet length. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:29:25.711675Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:29:36.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the parser waited for the advertised MQTT packet length. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:13:37.082Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-r72h-j7qq-v6qg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-r72h-j7qq-v6qg"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/bce9ef39469e610aeddb819194ceb7f7edfc0861",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/bce9ef39469e610aeddb819194ceb7f7edfc0861"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/e016e47bbf70304945f2ae9dc397e4862adefaf5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/e016e47bbf70304945f2ae9dc397e4862adefaf5"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-r72h-j7qq-v6qg",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58210",
        "datePublished": "2026-07-08T20:13:37.082Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T13:29:36.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58209 (GCVE-0-2026-58209)

    Vulnerability from nvd – Published: 2026-07-08 20:12 – Updated: 2026-07-09 13:31
    VLAI
    Title
    NATS Server: MQTT retained and QoS replay bypass subscribe deny filters
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these delivery paths did not consistently recheck the concrete original topic before sending the MQTT PUBLISH to the subscriber. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58209",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:30:43.243356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:31:07.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these delivery paths did not consistently recheck the concrete original topic before sending the MQTT PUBLISH to the subscriber. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:12:11.240Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-7qmq-8cc4-hxwg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-7qmq-8cc4-hxwg"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/181b1f51f40b9954c57e9d478e051fb257679356",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/181b1f51f40b9954c57e9d478e051fb257679356"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/1c429b6fdc5afd4188cc5faf1127f6334896cd87",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/1c429b6fdc5afd4188cc5faf1127f6334896cd87"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-7qmq-8cc4-hxwg",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT retained and QoS replay bypass subscribe deny filters"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58209",
        "datePublished": "2026-07-08T20:12:11.240Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T13:31:07.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44512 (GCVE-0-2026-44512)

    Vulnerability from nvd – Published: 2026-07-08 19:32 – Updated: 2026-07-09 13:36
    VLAI
    Title
    ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
    Summary
    Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    onnx onnx Affected: >= 1.9.0, < 1.22.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44512",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:36:51.723168Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:36:58.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/onnx/onnx/security/advisories/GHSA-hwpq-hmq9-wj77"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "onnx",
              "vendor": "onnx",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.22.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:32:04.886Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/onnx/onnx/security/advisories/GHSA-hwpq-hmq9-wj77",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/onnx/onnx/security/advisories/GHSA-hwpq-hmq9-wj77"
            },
            {
              "name": "https://github.com/onnx/onnx/pull/7813",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/onnx/onnx/pull/7813"
            },
            {
              "name": "https://github.com/onnx/onnx/commit/cd310408165ad47c3cd7eb2b86cb5b80aa2e4fdf",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/onnx/onnx/commit/cd310408165ad47c3cd7eb2b86cb5b80aa2e4fdf"
            },
            {
              "name": "https://github.com/onnx/onnx/releases/tag/v1.22.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/onnx/onnx/releases/tag/v1.22.0"
            }
          ],
          "source": {
            "advisory": "GHSA-hwpq-hmq9-wj77",
            "discovery": "UNKNOWN"
          },
          "title": "ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44512",
        "datePublished": "2026-07-08T19:32:04.886Z",
        "dateReserved": "2026-05-06T18:28:20.887Z",
        "dateUpdated": "2026-07-09T13:36:58.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54712 (GCVE-0-2026-54712)

    Vulnerability from nvd – Published: 2026-07-01 21:17 – Updated: 2026-07-02 15:41
    VLAI
    Title
    OpenTelemetry Javaagent RMI context propagation allows resource exhaustion
    Summary
    OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the stream. An attacker who can reach an RMI endpoint on an instrumented JVM can send an oversized context propagation payload. This can cause excessive memory allocation while the JVM reads the payload, potentially leading to denial of service. The issue affects only deployments where RMI instrumentation is enabled and an RMI endpoint is network-reachable. This issue has been fixed in version 2.27.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54712",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:40:45.548293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:41:16.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "opentelemetry-java-instrumentation",
              "vendor": "open-telemetry",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c  2.27.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the stream. An attacker who can reach an RMI endpoint on an instrumented JVM can send an oversized context propagation payload. This can cause excessive memory allocation while the JVM reads the payload, potentially leading to denial of service. The issue affects only deployments where RMI instrumentation is enabled and an RMI endpoint is network-reachable. This issue has been fixed in version 2.27.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T21:17:44.160Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-fq3f-m5qm-99f5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-fq3f-m5qm-99f5"
            }
          ],
          "source": {
            "advisory": "GHSA-fq3f-m5qm-99f5",
            "discovery": "UNKNOWN"
          },
          "title": "OpenTelemetry Javaagent RMI context propagation allows resource exhaustion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54712",
        "datePublished": "2026-07-01T21:17:44.160Z",
        "dateReserved": "2026-06-15T22:58:06.563Z",
        "dateUpdated": "2026-07-02T15:41:16.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54704 (GCVE-0-2026-54704)

    Vulnerability from nvd – Published: 2026-07-01 21:15 – Updated: 2026-07-02 12:23
    VLAI
    Title
    OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords
    Summary
    OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text database passwords can be added to trace span attributes and exported to observability backends. This issue has been fixed in version 2.28.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54704",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:23:43.311803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:23:50.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "opentelemetry-java-instrumentation",
              "vendor": "open-telemetry",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.28.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text database passwords can be added to trace span attributes and exported to observability backends. This issue has been fixed in version 2.28.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T21:15:37.903Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-rwqx-fvqh-6wm4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-rwqx-fvqh-6wm4"
            }
          ],
          "source": {
            "advisory": "GHSA-rwqx-fvqh-6wm4",
            "discovery": "UNKNOWN"
          },
          "title": "OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54704",
        "datePublished": "2026-07-01T21:15:37.903Z",
        "dateReserved": "2026-06-15T22:58:06.563Z",
        "dateUpdated": "2026-07-02T12:23:50.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58208 (GCVE-0-2026-58208)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:17 – Updated: 2026-07-09 14:04
    VLAI
    Title
    NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with access to the WebSocket listener to reach uninitialized MQTT state and crash the server process. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: >= 2.14.0-RC.1, < 2.14.3
    Affected: < 2.12.12
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58208",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:04:07.392572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:04:28.045Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with access to the WebSocket listener to reach uninitialized MQTT state and crash the server process. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248: Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:17:39.187Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p957-7v2w-g93g",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p957-7v2w-g93g"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/73b3dd9a5ea0fa7bf08b702338676355b29b5fb4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/73b3dd9a5ea0fa7bf08b702338676355b29b5fb4"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/837536b98b3a9280b993282155ff2bdd3ca38c30",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/837536b98b3a9280b993282155ff2bdd3ca38c30"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-p957-7v2w-g93g",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58208",
        "datePublished": "2026-07-08T20:17:39.187Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T14:04:28.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58211 (GCVE-0-2026-58211)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:16 – Updated: 2026-07-09 14:27
    VLAI
    Title
    NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured no_auth_user through a parser path used when the first client operation was not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required that normal authentication would apply. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58211",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:27:18.977045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:27:25.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured no_auth_user through a parser path used when the first client operation was not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required that normal authentication would apply. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:16:25.262Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-hmmp-q8cx-v964",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-hmmp-q8cx-v964"
            }
          ],
          "source": {
            "advisory": "GHSA-hmmp-q8cx-v964",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58211",
        "datePublished": "2026-07-08T20:16:25.262Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T14:27:25.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58207 (GCVE-0-2026-58207)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:15 – Updated: 2026-07-09 14:41
    VLAI
    Title
    NATS Server: Remote crash via integer overflow in Connz pagination
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58207",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:21:06.599044Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:41:02.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:15:31.082Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-q59r-vq66-pxc2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-q59r-vq66-pxc2"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/2ae047139e37a38cb01e259a67909e7a39fa38e9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/2ae047139e37a38cb01e259a67909e7a39fa38e9"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/894d9411927681d66ce349bf1afe49608dc0c1a3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/894d9411927681d66ce349bf1afe49608dc0c1a3"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-q59r-vq66-pxc2",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Remote crash via integer overflow in Connz pagination"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58207",
        "datePublished": "2026-07-08T20:15:31.082Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T14:41:02.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58210 (GCVE-0-2026-58210)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:13 – Updated: 2026-07-09 13:29
    VLAI
    Title
    NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the parser waited for the advertised MQTT packet length. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:29:25.711675Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:29:36.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the parser waited for the advertised MQTT packet length. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:13:37.082Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-r72h-j7qq-v6qg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-r72h-j7qq-v6qg"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/bce9ef39469e610aeddb819194ceb7f7edfc0861",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/bce9ef39469e610aeddb819194ceb7f7edfc0861"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/e016e47bbf70304945f2ae9dc397e4862adefaf5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/e016e47bbf70304945f2ae9dc397e4862adefaf5"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-r72h-j7qq-v6qg",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT partial CONNECT packets can exhaust pre-auth memory"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58210",
        "datePublished": "2026-07-08T20:13:37.082Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T13:29:36.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58209 (GCVE-0-2026-58209)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:12 – Updated: 2026-07-09 13:31
    VLAI
    Title
    NATS Server: MQTT retained and QoS replay bypass subscribe deny filters
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these delivery paths did not consistently recheck the concrete original topic before sending the MQTT PUBLISH to the subscriber. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58209",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:30:43.243356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:31:07.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these delivery paths did not consistently recheck the concrete original topic before sending the MQTT PUBLISH to the subscriber. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:12:11.240Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-7qmq-8cc4-hxwg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-7qmq-8cc4-hxwg"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/181b1f51f40b9954c57e9d478e051fb257679356",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/181b1f51f40b9954c57e9d478e051fb257679356"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/1c429b6fdc5afd4188cc5faf1127f6334896cd87",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/1c429b6fdc5afd4188cc5faf1127f6334896cd87"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-7qmq-8cc4-hxwg",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT retained and QoS replay bypass subscribe deny filters"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58209",
        "datePublished": "2026-07-08T20:12:11.240Z",
        "dateReserved": "2026-06-29T17:09:25.872Z",
        "dateUpdated": "2026-07-09T13:31:07.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58214 (GCVE-0-2026-58214)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:06 – Updated: 2026-07-09 13:32
    VLAI
    Title
    NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the account. This issue is fixed in versions 2.14.3 and 2.12.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.12
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:32:18.907165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:32:36.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the account. This issue is fixed in versions 2.14.3 and 2.12.12."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:06:34.794Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-4g68-3pwx-5vfj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-4g68-3pwx-5vfj"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/297b166be60fe13144084eed4b25201ead03204a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/297b166be60fe13144084eed4b25201ead03204a"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/34b09657bb596d5f850eaa5cfc97ea6b2f989a97",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/34b09657bb596d5f850eaa5cfc97ea6b2f989a97"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.12"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-4g68-3pwx-5vfj",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58214",
        "datePublished": "2026-07-08T20:06:34.794Z",
        "dateReserved": "2026-06-29T17:09:25.873Z",
        "dateUpdated": "2026-07-09T13:32:36.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58254 (GCVE-0-2026-58254)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:56 – Updated: 2026-07-09 13:38
    VLAI
    Title
    NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode operator to send trace events to subjects that would not otherwise be permitted and to use trace-only behavior to prevent normal delivery or storage of affected messages. This issue is fixed in versions 2.14.3 and 2.12.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.8
    Affected: >= 2.14.0-RC.1, < 2.14.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:38:04.787145Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:38:17.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode operator to send trace events to subjects that would not otherwise be permitted and to use trace-only behavior to prevent normal delivery or storage of affected messages. This issue is fixed in versions 2.14.3 and 2.12.8."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:56:58.311Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p3j5-5hrq-p75h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-p3j5-5hrq-p75h"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/cbe845932980b71563efac5cfa4cc751c88936cd",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/cbe845932980b71563efac5cfa4cc751c88936cd"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.3"
            }
          ],
          "source": {
            "advisory": "GHSA-p3j5-5hrq-p75h",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58254",
        "datePublished": "2026-07-08T19:56:58.311Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:38:17.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58213 (GCVE-0-2026-58213)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:52 – Updated: 2026-07-09 13:33
    VLAI
    Title
    NATS Server: MQTT SUBSCRIBE Protocol Injection via Leaf Node/Route Forwarding allows arbitrary NATS command injection
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupting the forwarded protocol stream and allowing injection of unintended NATS protocol operations. This issue is fixed in versions 2.14.1 and 2.12.9.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.12.9
    Affected: >= 2.14.0-RC.1, < 2.14.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58213",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:32:57.416842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:33:07.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.12.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.14.0-RC.1, \u003c 2.14.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupting the forwarded protocol stream and allowing injection of unintended NATS protocol operations. This issue is fixed in versions 2.14.1 and 2.12.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:52:12.148Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrcv-3558-gj4f",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrcv-3558-gj4f"
            },
            {
              "name": "https://github.com/nats-io/nats-server/pull/8163",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/pull/8163"
            },
            {
              "name": "https://github.com/nats-io/nats-server/pull/8164",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/pull/8164"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/366837cfc65ab9ccb4f98193c65e8daf238582d8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/366837cfc65ab9ccb4f98193c65e8daf238582d8"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/64ebae40051ee497c481e10f316238faf0de1736",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/64ebae40051ee497c481e10f316238faf0de1736"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/f14856b9e57a36818f43851cb69b6e33670885c9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/f14856b9e57a36818f43851cb69b6e33670885c9"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.9"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.1"
            }
          ],
          "source": {
            "advisory": "GHSA-qrcv-3558-gj4f",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: MQTT SUBSCRIBE Protocol Injection via Leaf Node/Route Forwarding allows arbitrary NATS command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58213",
        "datePublished": "2026-07-08T19:52:12.148Z",
        "dateReserved": "2026-06-29T17:09:25.873Z",
        "dateUpdated": "2026-07-09T13:33:07.155Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58250 (GCVE-0-2026-58250)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:48 – Updated: 2026-07-09 13:33
    VLAI
    Title
    NATS Server: Pre-auth server crash via double INFO in leafnode handshake
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO protocol messages before authentication and account setup completed. This issue is fixed in versions 2.12.8 and 2.11.17.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.11.17
    Affected: >= 2.12.0-preview.1, < 2.12.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:33:35.375405Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:33:45.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.11.17"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.12.0-preview.1, \u003c 2.12.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO protocol messages before authentication and account setup completed. This issue is fixed in versions 2.12.8 and 2.11.17."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:48:55.058Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-3g5q-cfh2-cq67",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-3g5q-cfh2-cq67"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/8dcb26eaea78fdcbe96dbee5986d6019fd5cb94a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/8dcb26eaea78fdcbe96dbee5986d6019fd5cb94a"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/fc5fe39177533e9dbdd651d2458285bfae1dde27",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/fc5fe39177533e9dbdd651d2458285bfae1dde27"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.17",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.17"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.8"
            }
          ],
          "source": {
            "advisory": "GHSA-3g5q-cfh2-cq67",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Pre-auth server crash via double INFO in leafnode handshake"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58250",
        "datePublished": "2026-07-08T19:48:55.058Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:33:45.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58252 (GCVE-0-2026-58252)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:46 – Updated: 2026-07-09 13:34
    VLAI
    Title
    NATS Server: Subscribe Authz Bypass via Wildcard-Overlap
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it, and queue subscriptions could also affect delivery to legitimate queue consumers. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.11.16
    Affected: >= 2.12.0-preview.1, < 2.12.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:34:18.644909Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:34:28.023Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.11.16"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.12.0-preview.1, \u003c 2.12.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it, and queue subscriptions could also affect delivery to legitimate queue consumers. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:46:54.572Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-wh7g-5m82-pmhr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-wh7g-5m82-pmhr"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/8ced85a11497f86704a95d960281480ce037386b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/8ced85a11497f86704a95d960281480ce037386b"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/a42a6d1e258eb5c3a2190384d31965a4b715e854",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/a42a6d1e258eb5c3a2190384d31965a4b715e854"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/e611ca9604697b02d8f22beb76037400a9cf72e6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/e611ca9604697b02d8f22beb76037400a9cf72e6"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0"
            }
          ],
          "source": {
            "advisory": "GHSA-wh7g-5m82-pmhr",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Subscribe Authz Bypass via Wildcard-Overlap"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58252",
        "datePublished": "2026-07-08T19:46:10.380Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:34:28.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58253 (GCVE-0-2026-58253)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:43 – Updated: 2026-07-09 13:35
    VLAI
    Title
    NATS Server: Route API Auth Bypass
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.11.16
    Affected: >= 2.12.0-preview.1, < 2.12.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:35:15.515260Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:35:24.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.11.16"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.12.0-preview.1, \u003c 2.12.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:43:13.776Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-38x3-76xf-cq45",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-38x3-76xf-cq45"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/7b81dd455ea95960090a84858c7662827948d1b6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/7b81dd455ea95960090a84858c7662827948d1b6"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/8b8e1ad4ceed32321e00d4fc6e76be05bc13bca6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/8b8e1ad4ceed32321e00d4fc6e76be05bc13bca6"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/b86147e81710a52b72a7f7275f91d69f723f5cb3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/b86147e81710a52b72a7f7275f91d69f723f5cb3"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0"
            }
          ],
          "source": {
            "advisory": "GHSA-38x3-76xf-cq45",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Route API Auth Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58253",
        "datePublished": "2026-07-08T19:43:13.776Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:35:24.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58251 (GCVE-0-2026-58251)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:40 – Updated: 2026-07-09 13:40
    VLAI
    Title
    NATS Server: Queue Subscribe Authz Bypass
    Summary
    NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when the queue name itself was not denied. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    nats-io nats-server Affected: < 2.11.16
    Affected: >= 2.12.0-RC.1, < 2.12.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-58251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:40:09.306056Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:40:28.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "nats-server",
              "vendor": "nats-io",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.11.16"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.12.0-RC.1, \u003c 2.12.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when the queue name itself was not denied. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:40:28.308Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jx8g-9g95-6322",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-jx8g-9g95-6322"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/013586288078def45a6788096924eb4d150db65c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/013586288078def45a6788096924eb4d150db65c"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/79c2f6e9ff87f594596337b6427dda85c38d1fe1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/79c2f6e9ff87f594596337b6427dda85c38d1fe1"
            },
            {
              "name": "https://github.com/nats-io/nats-server/commit/b9ffb63b85e7db3d25a13b2e234f5f7f7c13164d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/commit/b9ffb63b85e7db3d25a13b2e234f5f7f7c13164d"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.16"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.7"
            },
            {
              "name": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nats-io/nats-server/releases/tag/v2.14.0"
            }
          ],
          "source": {
            "advisory": "GHSA-jx8g-9g95-6322",
            "discovery": "UNKNOWN"
          },
          "title": "NATS Server: Queue Subscribe Authz Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-58251",
        "datePublished": "2026-07-08T19:40:28.308Z",
        "dateReserved": "2026-06-29T21:54:30.330Z",
        "dateUpdated": "2026-07-09T13:40:28.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44512 (GCVE-0-2026-44512)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:32 – Updated: 2026-07-09 13:36
    VLAI
    Title
    ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)
    Summary
    Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    onnx onnx Affected: >= 1.9.0, < 1.22.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44512",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:36:51.723168Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:36:58.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/onnx/onnx/security/advisories/GHSA-hwpq-hmq9-wj77"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "onnx",
              "vendor": "onnx",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.9.0, \u003c 1.22.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:32:04.886Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/onnx/onnx/security/advisories/GHSA-hwpq-hmq9-wj77",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/onnx/onnx/security/advisories/GHSA-hwpq-hmq9-wj77"
            },
            {
              "name": "https://github.com/onnx/onnx/pull/7813",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/onnx/onnx/pull/7813"
            },
            {
              "name": "https://github.com/onnx/onnx/commit/cd310408165ad47c3cd7eb2b86cb5b80aa2e4fdf",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/onnx/onnx/commit/cd310408165ad47c3cd7eb2b86cb5b80aa2e4fdf"
            },
            {
              "name": "https://github.com/onnx/onnx/releases/tag/v1.22.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/onnx/onnx/releases/tag/v1.22.0"
            }
          ],
          "source": {
            "advisory": "GHSA-hwpq-hmq9-wj77",
            "discovery": "UNKNOWN"
          },
          "title": "ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44512",
        "datePublished": "2026-07-08T19:32:04.886Z",
        "dateReserved": "2026-05-06T18:28:20.887Z",
        "dateUpdated": "2026-07-09T13:36:58.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54712 (GCVE-0-2026-54712)

    Vulnerability from cvelistv5 – Published: 2026-07-01 21:17 – Updated: 2026-07-02 15:41
    VLAI
    Title
    OpenTelemetry Javaagent RMI context propagation allows resource exhaustion
    Summary
    OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the stream. An attacker who can reach an RMI endpoint on an instrumented JVM can send an oversized context propagation payload. This can cause excessive memory allocation while the JVM reads the payload, potentially leading to denial of service. The issue affects only deployments where RMI instrumentation is enabled and an RMI endpoint is network-reachable. This issue has been fixed in version 2.27.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54712",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:40:45.548293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:41:16.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "opentelemetry-java-instrumentation",
              "vendor": "open-telemetry",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c  2.27.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the stream. An attacker who can reach an RMI endpoint on an instrumented JVM can send an oversized context propagation payload. This can cause excessive memory allocation while the JVM reads the payload, potentially leading to denial of service. The issue affects only deployments where RMI instrumentation is enabled and an RMI endpoint is network-reachable. This issue has been fixed in version 2.27.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T21:17:44.160Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-fq3f-m5qm-99f5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-fq3f-m5qm-99f5"
            }
          ],
          "source": {
            "advisory": "GHSA-fq3f-m5qm-99f5",
            "discovery": "UNKNOWN"
          },
          "title": "OpenTelemetry Javaagent RMI context propagation allows resource exhaustion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54712",
        "datePublished": "2026-07-01T21:17:44.160Z",
        "dateReserved": "2026-06-15T22:58:06.563Z",
        "dateUpdated": "2026-07-02T15:41:16.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54704 (GCVE-0-2026-54704)

    Vulnerability from cvelistv5 – Published: 2026-07-01 21:15 – Updated: 2026-07-02 12:23
    VLAI
    Title
    OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords
    Summary
    OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text database passwords can be added to trace span attributes and exported to observability backends. This issue has been fixed in version 2.28.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54704",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:23:43.311803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:23:50.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "opentelemetry-java-instrumentation",
              "vendor": "open-telemetry",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.28.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text database passwords can be added to trace span attributes and exported to observability backends. This issue has been fixed in version 2.28.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T21:15:37.903Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-rwqx-fvqh-6wm4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-rwqx-fvqh-6wm4"
            }
          ],
          "source": {
            "advisory": "GHSA-rwqx-fvqh-6wm4",
            "discovery": "UNKNOWN"
          },
          "title": "OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54704",
        "datePublished": "2026-07-01T21:15:37.903Z",
        "dateReserved": "2026-06-15T22:58:06.563Z",
        "dateUpdated": "2026-07-02T12:23:50.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }