Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-27889— NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead

CVSS 7.5 · High EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-27889

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead
Source: NVD (National Vulnerability Database)
Vulnerability Description
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and so is exposed to anyone who can connect to the websockets port. Versions 2.11.14 and 2.12.5 contains a fix. A workaround is available. The vulnerability only affects deployments which use WebSockets and which expose the network port to untrusted end-points. If one is able to do so, a defense in depth of restricting either of these will mitigate the attack.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nats-Server 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nats-Server是Nats开源的一个用于 Nats.io、云和边缘本机消息传递系统的高性能服务器。 Nats-Server 2.11.14之前版本和2.12.5之前版本存在输入验证错误漏洞,该漏洞源于WebSockets帧缺少完整性检查,可能触发服务器内核崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nats-ionats-server >= 2.2.0, < 2.11.14 -

II. Public POCs for CVE-2026-27889

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-27889

登录查看更多情报信息。

Same Patch Batch · nats-io · 2026-03-25 · 12 CVEs total

CVE-2026-332168.6 HIGHNATS has MQTT plaintext password disclosure
CVE-2026-297857.5 HIGHNATS Server panic via malicious compression on leafnode port
CVE-2026-332187.5 HIGHNATS has pre-auth server panic via leafnode handling
CVE-2026-332477.4 HIGHNATS credentials are exposed in monitoring port via command-line argv
CVE-2026-332177.1 HIGHNATS allows MQTT clients to bypass ACL checks
CVE-2026-332466.4 MEDIUMNATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
CVE-2026-332236.4 MEDIUMNATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
CVE-2026-332195.3 MEDIUMNATS is vulnerable to pre-auth DoS through WebSockets client service
CVE-2026-332224.9 MEDIUMNATS JetStream has an authorization bypass through its Management API
CVE-2026-332494.3 MEDIUMNATS: Message tracing can be redirected to arbitrary subject
CVE-2026-332484.2 MEDIUMNATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

IV. Related Vulnerabilities

Same product: nats-server
Same vendor: nats-io
Same weakness: CWE-190

V. Comments for CVE-2026-27889

No comments yet

Leave a comment