CVE-2026-33215
ADVISORY - githubSummary
Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
The nats-server provides an MQTT client interface.
Problem Description
Sessions and Messages can by hijacked via MQTT Client ID malfeasance.
Affected Versions
Any version before v2.12.6 or v2.11.15
Workarounds
None.
Resources
- This document is canonically: https://advisories.nats.io/CVE/secnote-2026-06.txt
- GHSA advisory: https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879
- MITRE CVE entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33215
EPSS Score: 0.00015 (0.027)
Common Weakness Enumeration (CWE)
ADVISORY - github
Improper Authentication
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in