Nats Server

1 CVE for this product

CVE-2026-27571 (MEDIUM, PATCH This Month)

NATS Server versions prior to 2.11.2 and 2.12.3 fail to properly limit memory allocation during WebSocket compression, allowing unauthenticated attackers to trigger denial of service through compression bomb attacks that exhaust server memory. The vulnerability is exploitable pre-authentication since compression negotiation occurs before credential validation. A patch is available in versions 2.11.2 and 2.12.3.

Tags: Information Disclosure, Nats Server, Redhat, Suse
References: NVD, GitHub
CVSS 3.1: 5.9
EPSS: 0.1%