Resource exhaustion in nats-server - #VU135930
Published: June 30, 2026
nats-server
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in the MQTT CONNECT packet parser when processing incomplete pre-authentication MQTT CONNECT packets. A remote attacker can send a large incomplete MQTT CONNECT packet to cause a denial of service.
Only servers with MQTT support enabled are affected.
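One general way a parser can bound pre-authentication buffering for the incomplete-CONNECT case described above, shown as an added example: it is not nats-server's code or its fix, and the function name, error names and 64 KiB cap are assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// maxPreAuthPacket is an assumed cap for this example, not a nats-server setting.
const maxPreAuthPacket = 64 * 1024

var (
	errNeedMore   = errors.New("fixed header incomplete")
	errNotConnect = errors.New("first packet is not CONNECT")
	errMalformed  = errors.New("malformed remaining length")
	errTooLarge   = errors.New("declared length exceeds pre-auth cap")
)

// checkConnectHeader inspects only the MQTT fixed header (at most 5 bytes) and
// returns the total packet size the peer declared. Oversized declarations are
// rejected before any payload is buffered for an unauthenticated client.
func checkConnectHeader(buf []byte) (int, error) {
	if len(buf) == 0 {
		return 0, errNeedMore
	}
	if buf[0] != 0x10 { // CONNECT: packet type 1 in the high nibble, flags 0
		return 0, errNotConnect
	}
	remaining, shift := 0, 0
	for i := 1; i <= 4; i++ { // variable byte integer, at most 4 bytes
		if i >= len(buf) {
			return 0, errNeedMore
		}
		b := buf[i]
		remaining |= int(b&0x7f) << shift
		if b&0x80 == 0 {
			if total := 1 + i + remaining; total <= maxPreAuthPacket {
				return total, nil
			}
			return 0, errTooLarge
		}
		shift += 7
	}
	return 0, errMalformed // continuation bit still set on the 4th length byte
}

func main() { // constructed sample headers: a small packet, then ~256 MiB declared
	fmt.Println(checkConnectHeader([]byte{0x10, 0x0c}))
	fmt.Println(checkConnectHeader([]byte{0x10, 0xff, 0xff, 0xff, 0x7f}))
}
```

A caller would run this check as soon as the first bytes arrive and pair it with a read deadline, so a packet that never completes is dropped instead of held in memory.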