Configuration in nats-server - CVE-2021-32026
Published: May 4, 2021 / Updated: June 30, 2026
nats-server
Detailed vulnerability description
The vulnerability allows a remote attacker to negotiate unexpected TLS ciphersuites.
The vulnerability exists due to improper configuration handling in the TLS configuration logic when processing command-line TLS parameters. A remote attacker can initiate a TLS connection to negotiate unexpected TLS ciphersuites.
The issue occurs only when the server is started with TLS key and certificate settings supplied through command-line options.