CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
Description
NATS-Server is a high-performance server for NATS.io, a cloud- and edge-native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, sessions and messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available.
Analysis
NATS-Server versions prior to 2.11.15 and 2.12.5 contain an authentication bypass vulnerability in the MQTT client interface that allows attackers to hijack sessions and messages through malicious MQTT Client ID manipulation. The vulnerability affects every nats-server release within those version ranges and has a CVSS score of 6.5 (medium-high severity), driven by the combination of high confidentiality impact and low availability impact. …
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Audit authentication configurations.
EUVD-2026-15017
GHSA-fcjp-h8cc-6879