Improper access control in nats-server - CVE-2020-26892
Published: June 29, 2022 / Updated: June 30, 2026
nats-server
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to improper access restrictions in JWT library in NATS nats-server when handling expired credentials. A remote attacker can send a specially crafted request, gain unauthorized access and execute arbitrary code on the system.