You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
nats server security
About this tag
The nats server security tag covers vulnerabilities and hardening guidance for NATS Server, a messaging system often used in cloud-native and microservice architectures. Recent discussions focus on CVE-2026-29785, a critical denial-of-service flaw in leafnode compression that can crash servers before authentication completes. The advisory recommends upgrading to versions 2.11.14 or 2.12.5, or disabling compression on the leafnode port as a temporary workaround. Topics include pre-authentication attack vectors, patch management, and configuration best practices to maintain availability. This tag is relevant for system administrators, DevOps engineers, and security teams managing NATS infrastructure.
NATS Server has disclosed a serious availability bug in its leafnode handling, tracked as CVE-2026-29785. According to the project’s own advisory, a malicious remote NATS server can trigger a pre-authentication panic by abusing compression during leafnode negotiation, taking down the impacted...