{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-24T11:23:25.910","vulnerabilities":[{"cve":{"id":"CVE-2026-33248","sourceIdentifier":"security-advisories@github.com","published":"2026-03-25T21:16:47.563","lastModified":"2026-03-26T16:22:06.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map` to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be correctly enforced, allowing for authentication bypass. This does require a valid certificate from a CA already trusted for client certificates, and `DN` naming patterns which the NATS maintainers consider highly unlikely. So this is an unlikely attack. Nonetheless, administrators who have been very sophisticated in their `DN` construction patterns might conceivably be impacted. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, developers should review their CA issuing practices."},{"lang":"es","value":"NATS-Server es un servidor de alto rendimiento para NATS.io, un sistema de mensajería nativo de la nube y del *edge*. Antes de las versiones 2.11.15 y 2.12.6, al usar mTLS para la identidad del cliente, con 'verify_and_map' para derivar una identidad NATS del DN del Asunto del certificado del cliente, ciertos patrones de RDN no se aplicarían correctamente, permitiendo la omisión de autenticación. Esto requiere un certificado válido de una CA ya confiable para certificados de cliente, y patrones de nombres de 'DN' que los mantenedores de NATS consideran altamente improbables. Por lo tanto, este es un ataque improbable. No obstante, los administradores que han sido muy sofisticados en sus patrones de construcción de 'DN' podrían verse afectados. Las versiones 2.11.15 y 2.12.6 contienen una corrección. Como solución alternativa, los desarrolladores deberían revisar sus prácticas de emisión de CA."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:nats-server:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11.15","matchCriteriaId":"13EA156E-2759-4586-A22E-CDEAAD4D610C"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:nats-server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.12.0","versionEndExcluding":"2.12.6","matchCriteriaId":"4E347CFB-C56D-4FD8-8DD8-3D34C08D7154"}]}]}],"references":[{"url":"https://advisories.nats.io/CVE/secnote-2026-13.txt","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/nats-io/nats-server/security/advisories/GHSA-3f24-pcvm-5jqc","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}