Uncaught Exception in nats-server - #VU135928
Published: June 30, 2026
nats-server
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an uncaught exception in the WebSocket listener MQTT-over-WebSocket path when handling requests for the MQTT-over-WebSocket path while MQTT is not configured. A remote attacker can send a specially crafted request to cause a denial of service.
Only deployments that enable WebSocket while leaving MQTT disabled are affected.