Integer overflow in nats-server - #VU135927
Published: June 30, 2026
nats-server
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to an integer overflow in Connz pagination when processing account-scoped connection monitoring requests. A remote user can send a request with crafted pagination values to cause a denial of service.
On no-auth deployments, any client with network access to the client listener can reach the vulnerable request path. In multi-tenant deployments, exploitation depends on whether a tenant can publish to the imported account monitoring request subject.
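The bug class described above, shown as an added Go example that is not nats-server code and does not reproduce its implementation: a pagination window computed as offset+limit can wrap, while validating and clamping before any addition cannot. The function names, the maxPageLimit cap and the sample values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// maxPageLimit is an assumed server-side cap on page size (hypothetical value).
const maxPageLimit = 1024

var errBadPage = errors.New("invalid pagination values")

// naiveWindow computes the end bound as offset+limit with no range checks.
// With limit near math.MaxInt the sum wraps negative, and using the result
// as a slice bound would panic. Kept only as the contrast to safeWindow.
func naiveWindow(offset, limit, total int) (start, end int) {
	end = offset + limit // may wrap around
	if end > total {
		end = total
	}
	return offset, end
}

// safeWindow rejects negative input and clamps limit against the remaining
// item count by subtraction, so no addition of untrusted values can overflow.
func safeWindow(offset, limit, total int) (start, end int, err error) {
	if offset < 0 || limit < 0 || total < 0 {
		return 0, 0, errBadPage
	}
	if offset >= total {
		return total, total, nil // past the end: empty page
	}
	if limit == 0 || limit > maxPageLimit {
		limit = maxPageLimit
	}
	if limit > total-offset { // total-offset is positive here
		limit = total - offset
	}
	return offset, offset + limit, nil
}

func main() {
	conns := make([]string, 10) // constructed sample list
	s, e := naiveWindow(5, math.MaxInt, len(conns))
	fmt.Println("naive bounds:", s, e, "inverted:", e < s)
	s, e, err := safeWindow(5, math.MaxInt, len(conns))
	fmt.Println("safe page size:", len(conns[s:e]), "err:", err)
}
```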