Vulnerabilidades en nats-io
16 resultadosCVE-2025-30215CRITICALNATS-Server Fails to Authorize Certain Jetstream Admin APIsEPSS 0.5%CVE-2026-29785HIGHNATS Server panic via malicious compression on leafnode portEPSS 0.5%CVE-2026-27571MEDIUMnats-server websockets are vulnerable to pre-auth memory DoSEPSS 0.5%CVE-2026-33218HIGHNATS has pre-auth server panic via leafnode handlingEPSS 0.4%CVE-2026-27889HIGHNATS: Pre-auth remote server crash via WebSocket frame length overflow in wsReadEPSS 0.4%CVE-2023-46129HIGHxkeys Seal encryption used fixed key for all encryptionEPSS 0.4%CVE-2026-33219MEDIUMNATS is vulnerable to pre-auth DoS through WebSockets client serviceEPSS 0.3%CVE-2026-33222MEDIUMNATS JetStream has an authorization bypass through its Management APIEPSS 0.3%CVE-2026-33247HIGHNATS credentials are exposed in monitoring port via command-line argvEPSS 0.3%CVE-2026-33216HIGHNATS has MQTT plaintext password disclosureEPSS 0.3%CVE-2026-33215MEDIUMNATS is vulnerable to MQTT hijacking via Client IDEPSS 0.2%CVE-2026-33249MEDIUMNATS: Message tracing can be redirected to arbitrary subjectEPSS 0.2%CVE-2026-33223MEDIUMNATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity SpoofingEPSS 0.2%CVE-2026-33217HIGHNATS allows MQTT clients to bypass ACL checksEPSS 0.2%CVE-2026-33246MEDIUMNATS: Leafnode connections allow spoofing of Nats-Request-Info identity headersEPSS 0.1%CVE-2026-33248MEDIUMNATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matchingEPSS 0.1%