You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
nats security
About this tag
The nats security tag covers vulnerabilities and hardening guidance for the NATS messaging system. Recent discussions focus on CVE-2026-33216, a high-severity credential exposure flaw that leaks MQTT passwords through monitoring endpoints in nats-server versions before 2.11.15 and 2.12.6. Another critical issue, CVE-2026-27571, involves a pre-authentication memory exhaustion attack via WebSocket compression bombs, patched in the same release lines. Topics include CWE-256 classification, official NATS security advisories, and practical mitigations for operators. The tag is relevant for administrators and developers securing NATS deployments against credential disclosure and denial-of-service risks.
NATS users running MQTT workloads have a fresh security issue to track: CVE-2026-33216, a password-disclosure flaw that can expose MQTT credentials through monitoring endpoints. The vulnerability affects nats-server builds before 2.11.15 and 2.12.6, and it matters because the leak is not a...
NATS server’s WebSocket handler contains a pre-authentication memory exhaustion vulnerability that can be triggered by a crafted compressed frame — a “compression bomb” — allowing an unauthenticated attacker to force excessive memory allocation and potentially crash the server; the issue is...
In light of the recent security disclosure, the Windows community must be informed about CVE-2024-38126, a security vulnerability affecting the Network Address Translation (NAT) component in Windows systems. This announcement, published by the Microsoft Security Response Center (MSRC)...