PatchSiren cyber security CVE debrief
CVE-2026-58210 nats-io CVE debrief
CVE-2026-58210 is a high-severity vulnerability in NATS Server, allowing an unauthenticated MQTT client to consume server memory by retaining large incomplete MQTT CONNECT packets before authentication completed. This issue is fixed in versions 2.14.3 and 2.12.12. Affected product deployments should be reviewed for exposure, and owners should plan for vendor-supported updates or mitigations. The vulnerability has a high CVSS score of 7.5, indicating a significant impact on the confidentiality, integrity, and availability of affected systems. Users of NATS Server should be aware of this vulnerability and take steps to mitigate it, including reviewing compensating controls and implementing monitoring for suspicious MQTT activity.
- Vendor
- nats-io
- Product
- nats-server
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-13
Who should care
Users of NATS Server versions prior to 2.14.3 and 2.12.12 should be aware of this vulnerability and take steps to mitigate it. Affected operators, platforms, and security teams should review compensating controls and implement monitoring for suspicious MQTT activity. This includes verifying affected scope, reviewing vendor guidance, and applying patches or updates to vulnerable deployments. Additionally, security teams should track exceptions, retest remediated assets, and verify evidence of mitigation to ensure the vulnerability is properly addressed.
Technical summary
An unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the parser waited for the advertised MQTT packet length. This vulnerability affects NATS Server versions prior to 2.14.3 and 2.12.12. The issue arises from the server's handling of MQTT CONNECT packets, where an attacker can cause the server to allocate and retain memory for large packets without completing the authentication process. This can lead to a denial-of-service (DoS) condition, potentially impacting the availability of the NATS Server. Users of affected versions should review their deployments and plan for updates or mitigations.
Defensive priority
High
Recommended defensive actions
- Inventory and verify NATS Server versions
- Apply patches or updates to versions 2.14.3 or 2.12.12
- Monitor for suspicious MQTT activity
- Implement compensating controls for MQTT authentication
- Review vendor guidance and official advisories
- Track exceptions and retest remediated assets
- Verify evidence of mitigation and document results
Evidence notes
The CVE record was published on 2026-07-08T20:16:53.950Z and was last modified on 2026-07-13T15:14:12.500Z. The NATS Server vulnerability allows an unauthenticated MQTT client to consume server memory. Evidence is limited, and defenders should verify affected scope and vendor guidance. The NATS Server team has provided patches for this issue, which are included in versions 2.14.3 and 2.12.12. Users should review their deployments for exposure and apply updates or mitigations as necessary. Additional verification tasks include reviewing vendor guidance, checking for compensating controls, and monitoring for suspicious MQTT activity.
Official resources
-
CVE-2026-58210 CVE record
CVE.org
-
CVE-2026-58210 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:53.950Z and has not been modified since then.