cvedb.io
CVE-2026-33215
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-03-24T21:16:28.640 · Last modified 2026-06-17T10:37:08.227

Summary

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available.

Affected products

linuxfoundation — nats-server

Does this affect you?

Add your gear to cvedb and we'll alert you only when linuxfoundation ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.