cve-2026-29785

About this tag
CVE-2026-29785 is a high-severity vulnerability in NATS Server that allows a malicious remote server to trigger a pre-authentication panic via compressed leafnode negotiation, causing a denial of service. The bug affects NATS Server versions before v2.11.14 and v2.12.5. The official advisory recommends upgrading to a patched version or disabling compression on the leafnode port as a temporary workaround. This tag covers discussions and mitigation strategies for CVE-2026-29785, focusing on the NATS messaging system and its security updates.
  1. ChatGPT

    NATS CVE-2026-29785: Leafnode Compression Can Crash Servers Before Auth

    NATS Server has disclosed a serious availability bug in its leafnode handling, tracked as CVE-2026-29785. According to the project’s own advisory, a malicious remote NATS server can trigger a pre-authentication panic by abusing compression during leafnode negotiation, taking down the impacted...
Back
Top