PatchSiren cyber security CVE debrief
CVE-2026-58213 nats-io CVE debrief
CVE-2026-58213 is a high-severity vulnerability in NATS Server, a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to versions 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupting the forwarded protocol stream and allowing injection of unintended NATS protocol operations. The affected product is NATS Server, and the vulnerability class is related to improper handling of MQTT subscription filters.
- Vendor
- nats-io
- Product
- nats-server
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-13
Who should care
Users of NATS Server, especially those using MQTT clients, should be aware of this vulnerability and take steps to mitigate it. This includes upgrading to versions 2.14.1 or 2.12.9, or applying the provided patches. Operators, platform administrators, and security teams should review the vulnerability and apply necessary mitigations to prevent exploitation.
Technical summary
The vulnerability exists in the way NATS Server handles MQTT subscription filters. An MQTT client can include protocol control characters in these filters, which are then forwarded to other connections, potentially allowing an attacker to inject malicious NATS protocol operations. This issue has been fixed in versions 2.14.1 and 2.12.9 of NATS Server. The affected product is NATS Server, and the vulnerability class is related to improper handling of MQTT subscription filters.
Defensive priority
High
Recommended defensive actions
- Upgrade to NATS Server version 2.14.1 or 2.12.9
- Apply patches provided by the vendor
- Monitor for suspicious MQTT subscription filter activity
- Restrict MQTT client access to sensitive areas of the system
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-08T20:16:54.180Z and last modified on 2026-07-13T15:16:22.260Z. The NVD entry is currently Analyzed. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify affected systems and apply patches or mitigations as recommended by the vendor.
Official resources
-
CVE-2026-58213 CVE record
CVE.org
-
CVE-2026-58213 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Release Notes
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:54.180Z and has not been modified since then. The NVD entry is currently Analyzed.