PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58210 nats-io CVE debrief

CVE-2026-58210 is a high-severity vulnerability in NATS Server, allowing an unauthenticated MQTT client to consume server memory by retaining large incomplete MQTT CONNECT packets before authentication completed. This issue is fixed in versions 2.14.3 and 2.12.12. Affected product deployments should be reviewed for exposure, and owners should plan for vendor-supported updates or mitigations. The vulnerability has a high CVSS score of 7.5, indicating a significant impact on the confidentiality, integrity, and availability of affected systems. Users of NATS Server should be aware of this vulnerability and take steps to mitigate it, including reviewing compensating controls and implementing monitoring for suspicious MQTT activity.

Vendor
nats-io
Product
nats-server
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-13
Advisory published
2026-07-08
Advisory updated
2026-07-13

Who should care

Users of NATS Server versions prior to 2.14.3 and 2.12.12 should be aware of this vulnerability and take steps to mitigate it. Affected operators, platforms, and security teams should review compensating controls and implement monitoring for suspicious MQTT activity. This includes verifying affected scope, reviewing vendor guidance, and applying patches or updates to vulnerable deployments. Additionally, security teams should track exceptions, retest remediated assets, and verify evidence of mitigation to ensure the vulnerability is properly addressed.

Technical summary

An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the parser waited for the advertised MQTT packet length. This vulnerability affects NATS Server versions prior to 2.14.3 and 2.12.12. The issue arises from the server's handling of MQTT CONNECT packets, where an attacker can cause the server to allocate and retain memory for large packets without completing the authentication process. This can lead to a denial-of-service (DoS) condition, potentially impacting the availability of the NATS Server. Users of affected versions should review their deployments and plan for updates or mitigations.

Defensive priority

High

Recommended defensive actions

  • Inventory and verify NATS Server versions
  • Apply patches or updates to versions 2.14.3 or 2.12.12
  • Monitor for suspicious MQTT activity
  • Implement compensating controls for MQTT authentication
  • Review vendor guidance and official advisories
  • Track exceptions and retest remediated assets
  • Verify evidence of mitigation and document results

Evidence notes

The CVE record was published on 2026-07-08T20:16:53.950Z and was last modified on 2026-07-13T15:14:12.500Z. The NATS Server vulnerability allows an unauthenticated MQTT client to consume server memory. Evidence is limited, and defenders should verify affected scope and vendor guidance. The NATS Server team has provided patches for this issue, which are included in versions 2.14.3 and 2.12.12. Users should review their deployments for exposure and apply updates or mitigations as necessary. Additional verification tasks include reviewing vendor guidance, checking for compensating controls, and monitoring for suspicious MQTT activity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:53.950Z and has not been modified since then.