NATS-Server Nats-Request-Info Header Spoofing Vulnerability

Vulnerability

NATS-Server versions prior to 2.11.15 and 2.12.6 contain a vulnerability that allows identity spoofing through the Nats-Request-Info header. This header is intended to guarantee identity, but the removal of the header from incoming messages was not completely effective. As a result, an attacker with valid credentials for any regular client interface could spoof their identity to services that depend on this header.

Impact

Exploitation of this vulnerability allows for identity spoofing, where an attacker can misrepresent themselves to services that rely on the Nats-Request-Info header for identity verification.

Remediation

Users can upgrade to NATS-Server versions 2.12.6 or 2.11.15 to address this vulnerability.
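
To find servers that still need the upgrade, the version each one reports can be compared with the fixed releases. The following is an added example, not code from the NATS project or from this advisory. It assumes versions are collected from each server's /varz monitoring endpoint; the sample documents are constructed and the Affected helper is hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample: trimmed /varz monitoring replies from hypothetical servers.
var sampleVarz = []string{
	`{"server_name":"edge-1","version":"2.11.14"}`,
	`{"server_name":"core-1","version":"2.12.6"}`,
	`{"server_name":"lab-1","version":"2.12.6-RC.1"}`,
}

// Affected reports whether a version predates the fixed releases 2.11.15 and 2.12.6.
// Assumption: 2.12.x is measured against 2.12.6 and everything else against 2.11.15;
// a pre-release build of a fixed version is conservatively treated as affected.
func Affected(version string) (bool, error) {
	core, pre, _ := strings.Cut(strings.TrimPrefix(version, "v"), "-")
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return false, fmt.Errorf("unrecognized version %q", version)
	}
	fixed := [3]int{2, 11, 15}
	if parts[0] == "2" && parts[1] == "12" {
		fixed = [3]int{2, 12, 6}
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return false, fmt.Errorf("unrecognized version %q", version)
		}
		if n != fixed[i] {
			return n < fixed[i], nil // first differing component decides
		}
	}
	return pre != "", nil // exactly a fixed version: affected only if pre-release
}

func main() {
	for _, raw := range sampleVarz {
		var v struct{ Version string }
		if err := json.Unmarshal([]byte(raw), &v); err != nil {
			panic(err)
		}
		affected, err := Affected(v.Version)
		fmt.Println(raw, "affected:", affected, "err:", err)
	}
}
```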

Added: Mar 25, 2026, 9:55 PM
Updated: Mar 25, 2026, 9:55 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 0.4
exploitability: 4.8
remediation: 7.7
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.