Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-58211: CWE-863: Incorrect Authorization in nats-io nats-serverCVE-2026-58211 0 NATS Server versions prior to 2.14.3 and 2.12.12 contain an incorrect authorization vulnerability. A client could be registered as the configured no_auth_user via a parser path triggered when the first client operation was not CONNECT. This bypasses user-level connection restrictions such as allowed_connection_types or proxy_required that normal authentication would enforce. The issue is fixed in versions 2.14.3 and 2.12.12. Join the discussion | CVE Database V5 | 07/08/2026, 20:16:25 UTC Added: 07/08/2026, 20:44:01 UTC |
CVE-2026-58208: CWE-248: Uncaught Exception in nats-io nats-serverCVE-2026-58208 0 NATS Server versions prior to 2.14.3 and 2.12.12 contain a vulnerability where a WebSocket listener can route MQTT-over-WebSocket requests into MQTT handling even if MQTT is not configured. This allows an unauthenticated client with access to the WebSocket listener to reach uninitialized MQTT state and crash the server process. The issue is fixed in versions 2.14.3 and 2.12.12. Join the discussion | CVE Database V5 | 07/08/2026, 20:17:39 UTC Added: 07/08/2026, 20:44:01 UTC |
CVE-2026-58207: CWE-190: Integer Overflow or Wraparound in nats-io nats-serverCVE-2026-58207 0 NATS Server versions prior to 2.12.12 and 2.14.3 contain an integer overflow vulnerability in the handling of Connz pagination Offset and Limit values. A client sending account-scoped connection monitoring requests with specially crafted values can cause the server to crash. This issue has been fixed in versions 2.12.12 and 2.14.3. Join the discussion | CVE Database V5 | 07/08/2026, 20:15:31 UTC Added: 07/08/2026, 20:44:00 UTC |
CVE-2026-58254: CWE-863: Incorrect Authorization in nats-io nats-serverCVE-2026-58254 0 NATS Server versions prior to 2.12.8 and 2.14.3 contain an authorization flaw where message trace destination checks are inconsistently applied to messages arriving via leafnode connections. This allows a leafnode operator to send trace events to unauthorized subjects and use trace-only behavior to interfere with normal message delivery or storage. The issue is addressed in versions 2.12.8 and 2.14.3. Join the discussion | CVE Database V5 | 07/08/2026, 19:56:58 UTC Added: 07/08/2026, 20:15:37 UTC |
CVE-2026-58253: CWE-287: Improper Authentication in nats-io nats-serverCVE-2026-58253 0 NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16. Join the discussion | CVE Database V5 | 07/08/2026, 19:43:13 UTC Added: 07/08/2026, 20:15:37 UTC |
CVE-2026-58252: CWE-285: Improper Authorization in nats-io nats-serverCVE-2026-58252 0 NATS Server versions prior to 2.14.0, 2.12.7, and 2.11.16 contain an improper authorization vulnerability where authenticated users could receive messages on subjects they are denied access to due to overlapping wildcard subscription rules. This issue affects message delivery and queue subscriptions. The vulnerability is fixed in versions 2.14.0, 2.12.7, and 2.11.16. Join the discussion | CVE Database V5 | 07/08/2026, 19:46:10 UTC Added: 07/08/2026, 20:15:35 UTC |
CVE-2026-58250: CWE-476: NULL Pointer Dereference in nats-io nats-serverCVE-2026-58250 0 A NULL pointer dereference vulnerability exists in nats-io nats-server versions prior to 2.11.17 and 2.12.8. An unauthenticated attacker with network access to a leafnode listener that has compression enabled can crash the server by sending repeated leafnode INFO protocol messages during the pre-authentication handshake. This issue is fixed in versions 2.11.17 and 2.12.8. Join the discussion | CVE Database V5 | 07/08/2026, 19:48:55 UTC Added: 07/08/2026, 20:15:35 UTC |
CVE-2026-58214: CWE-863: Incorrect Authorization in nats-io nats-serverCVE-2026-58214 0 NATS Server versions prior to 2.12.12 and between 2.12.12 and before 2.14.3 contain an authorization vulnerability. An authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the account. This issue is addressed in versions 2.14.3 and 2.12.12. Join the discussion | CVE Database V5 | 07/08/2026, 20:06:34 UTC Added: 07/08/2026, 20:15:35 UTC |
CVE-2026-58213: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in nats-io nats-serverCVE-2026-58213 0 NATS Server versions prior to 2.14.1 and 2.12.9 contain a vulnerability where an MQTT client can inject protocol control characters into subscription filters. These characters are forwarded as NATS protocol data to route or leafnode connections, corrupting the protocol stream and enabling injection of unintended NATS protocol operations. This vulnerability is identified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component). The issue is fixed in versions 2.14.1 and 2.12.9. Join the discussion | CVE Database V5 | 07/08/2026, 19:52:12 UTC Added: 07/08/2026, 20:15:35 UTC |
CVE-2026-58210: CWE-400: Uncontrolled Resource Consumption in nats-io nats-serverCVE-2026-58210 0 NATS Server versions prior to 2.12.12 and 2.14.3 contain a vulnerability where an unauthenticated MQTT client can cause uncontrolled resource consumption by sending large incomplete MQTT CONNECT packets. This leads to the server retaining these packets in memory while waiting for the full packet, potentially exhausting server memory. The issue is fixed in versions 2.12.12 and 2.14.3. Join the discussion | CVE Database V5 | 07/08/2026, 20:13:37 UTC Added: 07/08/2026, 20:15:35 UTC |
Showing 1 to 10 of 12 results