CVE-2026-29785: CWE-476: NULL Pointer Dereference in nats-io nats-server
CVE-2026-29785 is a high-severity vulnerability in nats-io nats-server affecting versions prior to 2. 11. 14 and between 2. 12. 0-RC. 1 and 2. 12. 5. When the leafnode configuration is enabled and compression is active (which is the default in this mode), an unauthenticated attacker who can connect to the server can cause a NULL pointer dereference leading to a server crash. This occurs before authentication, making it a denial-of-service risk.
AI Analysis
Technical Summary
The vulnerability CVE-2026-29785 in nats-io nats-server is a NULL pointer dereference (CWE-476) that can be triggered by an unauthenticated attacker connecting to a server with leafnode enabled and compression active. This causes the server to panic and crash, resulting in denial of service. The issue affects versions prior to 2.11.14 and between 2.12.0-RC.1 and 2.12.5. The problem occurs pre-authentication and requires compression to be enabled, which is the default when leafnodes are used. The vendor has released fixed versions 2.11.14 and 2.12.5 that resolve this vulnerability. A temporary mitigation is to disable compression on the leafnode port until the server is updated.
Potential Impact
An unauthenticated attacker who can connect to a nats-server instance with leafnode enabled and compression active can cause the server to crash by triggering a NULL pointer dereference. This results in a denial of service condition. There is no impact on confidentiality or integrity according to the CVSS vector. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Upgrade nats-server to version 2.11.14 or 2.12.5 or later, which contain an official fix for this vulnerability. Until an upgrade can be performed, disable compression on the leafnode port as a temporary workaround to prevent the crash. No other mitigation steps are indicated by the vendor advisory.
CVE-2026-29785: CWE-476: NULL Pointer Dereference in nats-io nats-server
Description
CVE-2026-29785 is a high-severity vulnerability in nats-io nats-server affecting versions prior to 2. 11. 14 and between 2. 12. 0-RC. 1 and 2. 12. 5. When the leafnode configuration is enabled and compression is active (which is the default in this mode), an unauthenticated attacker who can connect to the server can cause a NULL pointer dereference leading to a server crash. This occurs before authentication, making it a denial-of-service risk.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-29785 in nats-io nats-server is a NULL pointer dereference (CWE-476) that can be triggered by an unauthenticated attacker connecting to a server with leafnode enabled and compression active. This causes the server to panic and crash, resulting in denial of service. The issue affects versions prior to 2.11.14 and between 2.12.0-RC.1 and 2.12.5. The problem occurs pre-authentication and requires compression to be enabled, which is the default when leafnodes are used. The vendor has released fixed versions 2.11.14 and 2.12.5 that resolve this vulnerability. A temporary mitigation is to disable compression on the leafnode port until the server is updated.
Potential Impact
An unauthenticated attacker who can connect to a nats-server instance with leafnode enabled and compression active can cause the server to crash by triggering a NULL pointer dereference. This results in a denial of service condition. There is no impact on confidentiality or integrity according to the CVSS vector. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Upgrade nats-server to version 2.11.14 or 2.12.5 or later, which contain an official fix for this vulnerability. Until an upgrade can be performed, disable compression on the leafnode port as a temporary workaround to prevent the crash. No other mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-04T16:26:02.899Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69c43f15f4197a8e3b7dafd6
Added to database: 3/25/2026, 8:01:25 PM
Last enriched: 4/3/2026, 1:14:24 PM
Last updated: 5/7/2026, 3:02:56 AM
Views: 36
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.