Incorrect authorization in nats-server - #VU135935
Published: June 30, 2026
nats-server
Detailed vulnerability description
The vulnerability allows a remote user to bypass authorization checks and disclose sensitive metadata.
The vulnerability exists due to improper access control in the leaf node message trace destination checks applied to messages arriving over leafnode connections. A remote user can send messages through a leafnode connection that cause trace events to be delivered to subjects the connection would not otherwise be permitted to publish to, bypassing authorization checks and disclosing sensitive metadata.
Trace-only behavior can also prevent normal delivery or storage of affected messages. Trace events can include routing, subscription, account, service import, and JetStream metadata.
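The check the description says is missing, as an added illustration that is not code from nats-server or from this advisory: a trace destination requested by a message that arrived over a leafnode is validated against that leafnode's publish permissions before any trace event is emitted. The Nats-Trace-Dest header is the NATS message tracing header; the Perms type, its allow/deny lists and the function names are assumptions made for this example.

```go
package main
import "strings"
// subjectMatches applies NATS wildcard rules: "*" matches exactly one token,
// ">" one or more trailing tokens.
func subjectMatches(pattern, subject string) bool {
	pt := strings.Split(pattern, ".")
	st := strings.Split(subject, ".")
	for i, p := range pt {
		if p == ">" {
			return i == len(pt)-1 && len(st) > i
		}
		if i >= len(st) || (p != "*" && p != st[i]) {
			return false
		}
	}
	return len(pt) == len(st)
}

// Perms stands in (hypothetically) for a leafnode's publish permissions;
// deny wins and an empty allow list permits everything not denied.
type Perms struct {
	Allow []string
	Deny  []string
}

func (p Perms) PermitsPublish(subject string) bool {
	for _, d := range p.Deny {
		if subjectMatches(d, subject) {
			return false
		}
	}
	if len(p.Allow) == 0 {
		return true
	}
	for _, a := range p.Allow {
		if subjectMatches(a, subject) {
			return true
		}
	}
	return false
}

// TraceDestAllowed is the missing check: a Nats-Trace-Dest carried by a message
// received over a leafnode must name a subject that leafnode may publish to.
// It returns the destination and whether a trace event may be sent there.
func TraceDestAllowed(hdr map[string]string, p Perms) (string, bool) {
	dest := hdr["Nats-Trace-Dest"]
	// an absent or empty header means no tracing was requested
	return dest, dest == "" || p.PermitsPublish(dest)
}
```

A rejected destination is the event a defender wants logged: a leafnode-originated message asking for trace output outside its own publish policy.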