A vulnerability labeled as critical has been found in nats-io nats-server up to 2.11.15/2.12.6/2.13.x. The impacted element is an unknown function of the component CONNECT Authentication. Such manipulation leads to improper authentication.

This vulnerability is listed as CVE-2026-58253. The attack may be performed from remote. There is no available exploit.