No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 13 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-551 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Fri, 10 Jul 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Nats
Nats nats Server |
|
| Vendors & Products |
Nats
Nats nats Server |
Thu, 09 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it, and queue subscriptions could also affect delivery to legitimate queue consumers. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16. | |
| Title | NATS Server: Subscribe Authz Bypass via Wildcard-Overlap | |
| Weaknesses | CWE-285 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-09T13:34:28.023Z
Reserved: 2026-06-29T21:54:30.330Z
Link: CVE-2026-58252
Updated: 2026-07-09T13:34:23.131Z
No data.
OpenCVE Enrichment
Updated: 2026-07-13T08:30:04Z