Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-58250
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-08 Jul, 2026 | 19:48
Updated At-09 Jul, 2026 | 13:33
Rejected At-
▼CVE Numbering Authority (CNA)
NATS Server: Pre-auth server crash via double INFO in leafnode handshake

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.12.8 and 2.11.17, an unauthenticated peer with network access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO protocol messages before authentication and account setup completed. This issue is fixed in versions 2.12.8 and 2.11.17.

Affected Products
Vendor
nats-io
Product
nats-server
Versions
Affected
  • < 2.11.17
  • >= 2.12.0-preview.1, < 2.12.8
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476: NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476: NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/nats-io/nats-server/security/advisories/GHSA-3g5q-cfh2-cq67
x_refsource_CONFIRM
https://github.com/nats-io/nats-server/commit/8dcb26eaea78fdcbe96dbee5986d6019fd5cb94a
x_refsource_MISC
https://github.com/nats-io/nats-server/commit/fc5fe39177533e9dbdd651d2458285bfae1dde27
x_refsource_MISC
https://github.com/nats-io/nats-server/releases/tag/v2.11.17
x_refsource_MISC
https://github.com/nats-io/nats-server/releases/tag/v2.12.8
x_refsource_MISC
Hyperlink: https://github.com/nats-io/nats-server/security/advisories/GHSA-3g5q-cfh2-cq67
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/nats-io/nats-server/commit/8dcb26eaea78fdcbe96dbee5986d6019fd5cb94a
Resource:
x_refsource_MISC
Hyperlink: https://github.com/nats-io/nats-server/commit/fc5fe39177533e9dbdd651d2458285bfae1dde27
Resource:
x_refsource_MISC
Hyperlink: https://github.com/nats-io/nats-server/releases/tag/v2.11.17
Resource:
x_refsource_MISC
Hyperlink: https://github.com/nats-io/nats-server/releases/tag/v2.12.8
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found