github.com/nats-io/nats-server (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/nats-io/nats-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (20)
CVE-2022-28357 — CVSS 9.8 (critical): NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management…
CVE-2022-24450 — CVSS 8.8 (high): NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by…
CVE-2026-33216 — CVSS 8.6 (high): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for…
CVE-2019-13126 — CVSS 7.5 (high): An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If…
CVE-2020-28466 — CVSS 7.5 (high): This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs…
CVE-2026-27889 — CVSS 7.5 (high): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to…
CVE-2026-29785 — CVSS 7.5 (high): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if…
CVE-2026-33218 — CVSS 7.5 (high): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a…
CVE-2026-33247 — CVSS 7.4 (high): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a…
CVE-2026-33217 — CVSS 7.1 (high): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when…
CVE-2026-33215 — CVSS 6.5 (medium): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client…
CVE-2022-26652 — CVSS 6.5 (medium): NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams…
CVE-2026-33246 — CVSS 6.4 (medium): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a…
CVE-2026-33223 — CVSS 6.4 (medium): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the…
CVE-2022-29946 — CVSS 6.3 (medium): NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused…
CVE-2026-27571 — CVSS 5.9 (medium): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages…
CVE-2026-33219 — CVSS 5.3 (medium): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a…
CVE-2026-33222 — CVSS 4.9 (medium): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users…
CVE-2026-33249 — CVSS 4.3 (medium): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to…
CVE-2026-33248 — CVSS 4.2 (medium): NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when…