PatchSiren cyber security CVE debrief
CVE-2026-58214 nats-io CVE debrief
CVE-2026-58214 is a MEDIUM severity vulnerability in NATS Server, allowing an authenticated MQTT client to bypass subscribe permissions. This issue enables clients to access internal $MQTT.deliver.pubrel subject family, potentially exposing MQTT QoS2 protocol metadata for sessions in the account. The vulnerability is fixed in NATS Server versions 2.14.3 and 2.12.12. Users of affected versions should apply patches to prevent exploitation.
- Vendor
- nats-io
- Product
- nats-server
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-13
Who should care
Users of NATS Server versions prior to 2.14.3 or 2.12.12 should apply patches to prevent authenticated MQTT clients from bypassing subscribe permissions. This includes operators of NATS Server deployments who have not yet updated to the patched versions. Additionally, security teams and vulnerability management teams should review the vulnerability's impact on their environments and plan for mitigation.
Technical summary
Prior to NATS Server versions 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions. This allows the client to expose MQTT QoS2 protocol metadata for sessions in the account. The issue arises from inadequate permission checks on internal subjects, which can be exploited by clients with valid authentication credentials. The fix involves enhancing permission checks to prevent unauthorized access to these internal subjects.
Defensive priority
Apply patches to prevent authenticated MQTT clients from bypassing subscribe permissions in NATS Server. Restrict access to internal subjects and monitor for suspicious activity.
Recommended defensive actions
- Apply patches to NATS Server versions prior to 2.14.3 or 2.12.12
- Restrict access to internal $MQTT.deliver.pubrel subject family
- Monitor for suspicious MQTT client activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-08T20:16:54.347Z and was last modified on 2026-07-13T15:17:13.573Z. The NVD entry is currently Analyzed. Evidence is limited to public sources and may not reflect the full scope of affected systems or potential impacts. Defenders should verify the vulnerability's relevance to their environments through additional research and validation.
Official resources
-
CVE-2026-58214 CVE record
CVE.org
-
CVE-2026-58214 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:54.347Z and has not been modified since then. The NVD entry is currently Analyzed.