{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T04:18:08.873","vulnerabilities":[{"cve":{"id":"CVE-2026-33219","sourceIdentifier":"security-advisories@github.com","published":"2026-03-25T20:16:32.777","lastModified":"2026-03-26T17:15:18.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a corresponding amount of data. This is a milder variant of CVE-2026-27571. That earlier issue was a compression bomb, this vulnerability is not. Attacks against this new issue thus require significant client bandwidth. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, disable websockets if not required for project deployment."},{"lang":"es","value":"NATS-Server es un servidor de alto rendimiento para NATS.io, un sistema de mensajería nativo de la nube y del borde. Antes de las versiones 2.11.15 y 2.12.6, un cliente malicioso que puede conectarse al puerto de WebSockets puede causar un uso de memoria ilimitado en el nats-server antes de la autenticación; esto requiere el envío de una cantidad de datos correspondiente. Esta es una variante más leve de CVE-2026-27571. Ese problema anterior era una bomba de compresión, esta vulnerabilidad no lo es. Los ataques contra este nuevo problema, por lo tanto, requieren un ancho de banda significativo del cliente. Las versiones 2.11.15 y 2.12.6 contienen una corrección. Como solución alternativa, deshabilite los websockets si no son necesarios para la implementación del proyecto."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:nats-server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11.15","matchCriteriaId":"13EA156E-2759-4586-A22E-CDEAAD4D610C"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:nats-server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.12.0","versionEndExcluding":"2.12.6","matchCriteriaId":"4E347CFB-C56D-4FD8-8DD8-3D34C08D7154"}]}]}],"references":[{"url":"https://advisories.nats.io/CVE/secnote-2026-02.txt","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://advisories.nats.io/CVE/secnote-2026-11.txt","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/advisories/GHSA-qrvq-68c2-7grw","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}}]}