Improper Authentication in nats-server - #VU135926
Published: June 30, 2026
nats-server
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication and gain privileges associated with inter-server connection types.
The vulnerability exists due to improper authentication in route or leafnode listeners when processing connections before the inter-server CONNECT authentication flow completes. A remote attacker can connect to an affected listener and exploit the parser fast path to bypass authentication and gain privileges associated with inter-server connection types.
The issue occurs when no_auth_user is configured.
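A configuration audit for the condition described above, added here as an example and not code from this advisory or from the nats-server project: it reports configs that set a top-level no_auth_user together with a cluster (route) or leafnodes listener. The tokenizer is a simplification that assumes a single config file with no includes or variables, and the sample configs are constructed.

```python
import re

# Simplified tokenizer for nats-server config text: comments, quoted strings, braces,
# bare words. Separators (: = , ; [ ]) are skipped; includes/variables are not resolved.
TOKEN = re.compile(
    r'''(?P<comment>(?<!\S)(?:#|//)[^\n]*)|"[^"\n]*"|'[^'\n]*'|[{}]|[^\s{}\[\],:=;"']+''')
INTER_SERVER_BLOCKS = ("cluster", "leafnodes")  # route and leafnode listeners

def audit(conf):
    """Return (top-level no_auth_user or None, blocks that open a listener)."""
    toks = [m.group(0) for m in TOKEN.finditer(conf) if not m.group("comment")]
    stack, prev, no_auth, listeners = [], None, None, set()
    for i, tok in enumerate(toks):
        if tok == "{":
            stack.append(prev)      # a block is named by the word before its brace
        elif tok == "}":
            del stack[-1:]          # pop, tolerating a stray closing brace
        elif not stack and tok == "no_auth_user" and i + 1 < len(toks):
            no_auth = toks[i + 1].strip("\"'")
        elif len(stack) == 1 and stack[0] in INTER_SERVER_BLOCKS and tok in ("listen", "port"):
            listeners.add(stack[0])
        prev = tok
    return no_auth, sorted(listeners)

def matches_advisory(conf):
    """True when no_auth_user and a route or leafnode listener are both configured."""
    no_auth, listeners = audit(conf)
    return no_auth is not None and bool(listeners)

# Constructed sample configurations (not taken from the advisory).
FLAGGED = '''
port: 4222
accounts {
  APP { users = [ { user: app, password: "p#ss{" } ] }
}
no_auth_user: app
cluster {
  listen: 0.0.0.0:6222   # route listener
  routes = [ nats-route://10.0.0.2:6222 ]
}
leafnodes { port: 7422 }
'''
NO_ANON = FLAGGED.replace("no_auth_user: app", "")
CLIENT_ONLY = 'port: 4222\nno_auth_user: "app"\nauthorization { users = [ { user: app, password: x } ] }\n'

if __name__ == "__main__":
    for name, conf in (("FLAGGED", FLAGGED), ("NO_ANON", NO_ANON), ("CLIENT_ONLY", CLIENT_ONLY)):
        print(name, audit(conf), "REVIEW" if matches_advisory(conf) else "ok")
```

A match shows only that the configuration precondition is present; whether a given server is affected depends on its version, which this page does not list.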