CVE-2026-33215

Published: Mar 24, 2026
Last Modified: Mar 24, 2026
MEDIUM 6.5
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: low

Description

NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, sessions and messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available.

CWE-287: Improper Authentication

Draft
Common Consequences
Security Scopes Affected: Integrity, Confidentiality, Availability, Access Control
Potential Impacts: Read Application Data; Gain Privileges Or Assume Identity; Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
CWE-488: Exposure of Data Element to Wrong Session

Draft
Common Consequences
Security Scopes Affected: Confidentiality
Potential Impacts: Read Application Data
Applicable Platforms
All platforms may be affected
https://advisories.nats.io/CVE/secnote-2026-06.tx
https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879