NATS-Server MQTT Client ID Hijacking Vulnerability

Vulnerability

A vulnerability in NATS-Server versions through 2.11.14 and 2.12.5 allows hijacking of sessions and messages by manipulating the MQTT Client ID. The issue lies in the server's MQTT client interface, where improper handling of Client IDs can grant unauthorized access to another client's session and messages.

Impact

Exploitation of this vulnerability could result in unauthorized access to sessions and messages, allowing interception or manipulation of the affected communication.

Remediation

Users should upgrade to NATS-Server 2.11.15 or 2.12.6 to address this vulnerability.

Added: Mar 24, 2026, 9:25 PM
Updated: Mar 24, 2026, 9:25 PM

Vulnerability Rating

Custom Algorithm

  spread          6.2
  impact          1.3
  exploitability  8.1
  remediation     7.7
  relevance       4.6
  threat          0.0
  urgency         2.9
  incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.