CVE-2026-58214

MEDIUM

NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)

Title source: cna
STIX 2.1

Description

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the account. This issue is fixed in versions 2.14.3 and 2.12.12.

Scores

CVSS v3 4.3
EPSS 0.0037
EPSS Percentile 28.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-863
Status published
Products (3)
linuxfoundation/nats-server < 2.12.12
nats-io/nats-server < 2.12.12
nats-io/nats-server >= 2.14.0-RC.1, < 2.14.3
Published Jul 08, 2026
Tracked Since Jul 09, 2026