PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-58213 nats-io CVE debrief

CVE-2026-58213 is a high-severity vulnerability in NATS Server, a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to versions 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupting the forwarded protocol stream and allowing injection of unintended NATS protocol operations. The affected product is NATS Server, and the vulnerability class is related to improper handling of MQTT subscription filters.

Vendor
nats-io
Product
nats-server
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-13
Advisory published
2026-07-08
Advisory updated
2026-07-13

Who should care

Users of NATS Server, especially those using MQTT clients, should be aware of this vulnerability and take steps to mitigate it. This includes upgrading to versions 2.14.1 or 2.12.9, or applying the provided patches. Operators, platform administrators, and security teams should review the vulnerability and apply necessary mitigations to prevent exploitation.

Technical summary

The vulnerability exists in the way NATS Server handles MQTT subscription filters. An MQTT client can include protocol control characters in these filters, which are then forwarded to other connections, potentially allowing an attacker to inject malicious NATS protocol operations. This issue has been fixed in versions 2.14.1 and 2.12.9 of NATS Server. The affected product is NATS Server, and the vulnerability class is related to improper handling of MQTT subscription filters.

Defensive priority

High

Recommended defensive actions

  • Upgrade to NATS Server version 2.14.1 or 2.12.9
  • Apply patches provided by the vendor
  • Monitor for suspicious MQTT subscription filter activity
  • Restrict MQTT client access to sensitive areas of the system
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-08T20:16:54.180Z and last modified on 2026-07-13T15:16:22.260Z. The NVD entry is currently Analyzed. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify affected systems and apply patches or mitigations as recommended by the vendor.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:54.180Z and has not been modified since then. The NVD entry is currently Analyzed.