You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-29785
About this tag
CVE-2026-29785 is a high-severity vulnerability in NATS Server that allows a malicious remote server to trigger a pre-authentication panic via compressed leafnode negotiation, causing a denial of service. The bug affects NATS Server versions before v2.11.14 and v2.12.5. The official advisory recommends upgrading to a patched version or disabling compression on the leafnode port as a temporary workaround. This tag covers discussions and mitigation strategies for CVE-2026-29785, focusing on the NATS messaging system and its security updates.
NATS Server has disclosed a serious availability bug in its leafnode handling, tracked as CVE-2026-29785. According to the project’s own advisory, a malicious remote NATS server can trigger a pre-authentication panic by abusing compression during leafnode negotiation, taking down the impacted...