NVD Vulnerability Details: CVE-2026-27571
Awaiting Analysis
Source: security-advisories@github.com
Published At: 24 Feb, 2026 | 17:29
Updated At: 24 Feb, 2026 | 21:52

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which might then fail validation for size reasons. An attacker can use a compression bomb to cause excessive memory consumption, often resulting in the operating system terminating the server process. The use of compression is negotiated before authentication, so this does not require valid NATS credentials to exploit. The fix, present in versions 2.11.2 and 2.12.3, was to bound the decompression so that it fails once the message is too large, instead of continuing on. The vulnerability only affects deployments which use WebSockets and which expose the network port to untrusted end-points.
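The bounded-decompression pattern the fix describes, as an added Go example (not the nats-server code or its patch): inflation stops as soon as the output passes the message limit instead of buffering the whole stream and validating size afterwards. The names `boundedInflate`, `deflate`, `ErrTooLarge` and the 1 MiB limit are hypothetical, and the input is a complete raw deflate stream rather than real WebSocket frames.

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge reports that inflation was stopped at the size limit.
var ErrTooLarge = errors.New("decompressed message exceeds limit")

// deflate compresses data; used only to build the constructed sample inputs.
func deflate(data []byte) []byte {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.BestCompression)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}

// boundedInflate decompresses at most maxPayload bytes and fails once the
// output would exceed that, so memory use is capped by the limit itself.
func boundedInflate(compressed []byte, maxPayload int64) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(compressed))
	defer r.Close()
	// Allow one byte past the limit so "exactly at limit" differs from "over".
	out, err := io.ReadAll(io.LimitReader(r, maxPayload+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > maxPayload {
		return nil, ErrTooLarge
	}
	return out, nil
}

func main() {
	const maxPayload = 1 << 20 // hypothetical 1 MiB message limit
	small := deflate([]byte("PUB demo.subject 5\r\nhello\r\n"))
	big := deflate(make([]byte, 8<<20)) // constructed: 8 MiB of zeros
	for _, in := range [][]byte{small, big} {
		out, err := boundedInflate(in, maxPayload)
		fmt.Printf("compressed=%d bytes -> out=%d bytes, err=%v\n", len(in), len(out), err)
	}
}
```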

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

Weaknesses
CWE ID: CWE-409
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-770
Type: Primary
Source: security-advisories@github.com
References
Hyperlink: https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/nats-io/nats-server/releases/tag/v2.11.12
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/nats-io/nats-server/releases/tag/v2.12.3
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw
Source: security-advisories@github.com
Resource: N/A
Change History
0 changes found