Incorrect authorization in nats-server - #VU135929
Published: June 30, 2026
nats-server
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in MQTT retained message delivery and QoS1+ durable replay handling when replaying or delivering stored MQTT messages to subscribers. A remote user can subscribe with broad wildcard permissions and receive messages from denied topics to disclose sensitive information.
Only MQTT subscribers whose broad wildcard subscribe permission is combined with a more specific denied topic are affected: live delivery on the denied topic may be blocked correctly, while retained or replayed delivery still sends messages on that denied topic.
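As an added illustration, not code from the nats-server project, the following shows the subscribe-permission check that every MQTT delivery path, retained and QoS1 replay included, must apply rather than only live delivery. It assumes NATS-style allow/deny subject lists with deny taking precedence and the usual MQTT topic-to-subject mapping ('/' to '.', '+' to '*', '#' to '>'); the topics used are constructed samples.

```go
package main

import "strings"

// Permissions models a subscribe permission set: allowed and denied
// NATS subject patterns. A deny entry always wins over an allow entry.
type Permissions struct {
	Allow []string
	Deny  []string
}

// mqttTopicToSubject maps an MQTT topic to a NATS subject pattern
// (assumed simplified mapping: '/'->'.', '+'->'*', '#'->'>').
func mqttTopicToSubject(topic string) string {
	s := strings.ReplaceAll(topic, "/", ".")
	s = strings.ReplaceAll(s, "+", "*")
	return strings.ReplaceAll(s, "#", ">")
}

// subjectMatches reports whether a concrete subject matches a pattern in
// which '*' matches exactly one token and '>' matches one or more tail tokens.
func subjectMatches(pattern, subject string) bool {
	p := strings.Split(pattern, ".")
	s := strings.Split(subject, ".")
	for i, tok := range p {
		if tok == ">" {
			return len(s) > i
		}
		if i >= len(s) || (tok != "*" && tok != s[i]) {
			return false
		}
	}
	return len(p) == len(s)
}

// CanDeliver is the per-message authorization decision: deny first, then allow.
func (p Permissions) CanDeliver(subject string) bool {
	for _, d := range p.Deny {
		if subjectMatches(d, subject) {
			return false
		}
	}
	for _, a := range p.Allow {
		if subjectMatches(a, subject) {
			return true
		}
	}
	return false
}

// FilterRetained keeps only the stored (retained or replayed) topics the
// subscriber may receive; this is the filter the flawed paths skipped.
func FilterRetained(p Permissions, topics []string) []string {
	var out []string
	for _, t := range topics {
		if p.CanDeliver(mqttTopicToSubject(t)) {
			out = append(out, t)
		}
	}
	return out
}
```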