CVE-2026-33246 | nats-io nats-server up to 2.11.14/2.12.5 Nats-Request-Info Identity Header authentication spoofing

Inserito da Angelo Barbosa | Mar 25, 2026 | CVE

A vulnerability labeled as critical has been found in nats-io nats-server up to 2.11.14/2.12.5. This affects an unknown part of the component Nats-Request-Info Identity Header Handler. The manipulation results in authentication bypass by spoofing.

This vulnerability is reported as CVE-2026-33246. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-33246 | nats-io nats-server up to 2.11.14/2.12.5 Nats-Request-Info Identity Header authentication spoofing

Post correlati

CVE-2024-27270 | IBM WebSphere Application Server Liberty up to 24.0.0.3 URI cross site scripting (XFDB-284576)

CVE-2024-13845 | Gravity Forms WebHooks Plugin up to 1.6.0 on WordPress process_feed server-side request forgery

CVE-2024-39125 | Roundup up to 2.3.x HTTP Referer Header cross site scripting

CVE-2024-57924 | Linux Kernel up to 6.12.9/6.13-rc6 encode_fh encoding error