Incorrect authorization in nats-server - #VU135929


Published: June 30, 2026


Vulnerability identifier: #VU135929
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-863
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: NATS - The Cloud Native Messaging System
Affected software:
nats-server

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper access control in MQTT retained message delivery and QoS1+ durable replay handling when stored MQTT messages are replayed or delivered to subscribers. A remote user who subscribes with broad wildcard permissions can receive messages from topics that their permissions deny, and so obtain sensitive information.

Only MQTT subscribers whose broad wildcard subscribe permissions are combined with more specific denied topics are affected: normal live delivery may correctly block those topics while retained or replayed delivery still sends them.
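To illustrate the mitigation in working code (an added example, not nats-server's own implementation), the Go sketch below routes the retained/replayed delivery path through the same per-topic allow/deny check as live delivery, so a specific deny still wins over a broad wildcard allow. The matcher, the `Perms` type, the function names and the topic names are all assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// mqttMatch reports whether an MQTT filter (+ and # wildcards) matches a topic.
// Simplified matcher written for this example; it is not nats-server's own code.
func mqttMatch(filter, topic string) bool {
	f, t := strings.Split(filter, "/"), strings.Split(topic, "/")
	for i, seg := range f {
		if seg == "#" {
			return true
		} else if i >= len(t) || (seg != "+" && seg != t[i]) {
			return false
		}
	}
	return len(f) == len(t)
}
func anyMatch(filters []string, topic string) bool {
	for _, f := range filters {
		if mqttMatch(f, topic) {
			return true
		}
	}
	return false
}

type Perms struct{ Allow, Deny []string } // hypothetical allow/deny subscribe permissions

// canDeliver evaluates deny before allow, so a specific deny beats a broad allow.
func canDeliver(p Perms, topic string) bool {
	return !anyMatch(p.Deny, topic) && anyMatch(p.Allow, topic)
}

// filterReplay is the hardened replay path: stored topics get the same check as live delivery.
func filterReplay(p Perms, stored []string) []string {
	var out []string
	for _, topic := range stored {
		if canDeliver(p, topic) {
			out = append(out, topic)
		}
	}
	return out
}
func main() { // constructed demo: broad wildcard allow plus a more specific deny
	p := Perms{Allow: []string{"sensors/#"}, Deny: []string{"sensors/secret/+"}}
	fmt.Println(filterReplay(p, []string{"sensors/a/temp", "sensors/secret/key"}))
}
```

The defender's check is that a stored message only reaches a subscriber if `canDeliver` would also have passed it on the live path; the vulnerable behaviour described above corresponds to a replay path that skips this call.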


Remediation

Install security update from vendor's website.

Sources