A vulnerability categorized as problematic has been discovered in nats-io nats-server up to 2.11.15/2.12.6. This affects an unknown part of the component Subscription Deny Evaluation. Executing a manipulation can lead to improper authentication.

This vulnerability is tracked as CVE-2026-58251. The attack can be launched remotely. No exploit exists.