Sign In

CVE-2026-33222

ADVISORY - github

Summary

Background

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.

The persistent storage feature, JetStream, has a management API which has many features, amongst which are backup and restore.

Problem Description

Users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them.

Affected Versions

Any version before v2.12.6 or v2.11.15

Workarounds

If developers have configured users to have limited JetStream restore permissions, temporarily remove those permissions.

EPSS Score: 0.00025 (0.070)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-285

Improper Authorization

ADVISORY - github

CWE-285

Improper Authorization

ADVISORY - redhat

CWE-639

Authorization Bypass Through User-Controlled Key

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-33222
EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-285

CVSS SCORE

4.9medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-9983-vrx2-fg9c
EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-285

CVSS SCORE

4.9medium

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2026-33222
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2026-33222
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2026-33222
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GoLang

CREATED

UPDATED

ADVISORY IDGO-2026-4832
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-nats-2026-33222

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.9medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2026-33222
EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-639

CVSS SCORE

4.9medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-jmv6-q4fp-447v

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-46vg-jqq2-v8p3

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY