Sign In

CVE-2026-33215

ADVISORY - github

Summary

Background

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.

The nats-server provides an MQTT client interface.

Problem Description

Sessions and Messages can by hijacked via MQTT Client ID malfeasance.

Affected Versions

Any version before v2.12.6 or v2.11.15

Workarounds

None.

Resources

EPSS Score: 0.00015 (0.027)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-287

Improper Authentication

CWE-488

Exposure of Data Element to Wrong Session

ADVISORY - github

CWE-287

Improper Authentication

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-33215
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-287CWE-488

CVSS SCORE

6.5medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-fcjp-h8cc-6879
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-287

CVSS SCORE

6.5medium

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2026-33215
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2026-33215
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2026-33215
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GoLang

CREATED

UPDATED

ADVISORY IDGO-2026-4833
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-hfp5-mg9g-5pgq

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-cg65-mx7g-6r7h

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY