{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33215", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T23:23:58.314Z", "datePublished": "2026-03-24T20:55:53.455Z", "dateUpdated": "2026-03-25T13:05:12.279Z"}, "containers": {"cna": {"title": "NATS is vulnerable to MQTT hijacking via Client ID", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-488", "lang": "en", "description": "CWE-488: Exposure of Data Element to Wrong Session", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"}, {"name": "https://advisories.nats.io/CVE/secnote-2026-06.tx", "tags": ["x_refsource_MISC"], "url": "https://advisories.nats.io/CVE/secnote-2026-06.tx"}], "affected": [{"vendor": "nats-io", "product": "nats-server", "versions": [{"version": "< 2.11.15", "status": "affected"}, {"version": ">= 2.12.0-RC.1, < 2.12.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T20:55:53.455Z"}, "descriptions": [{"lang": "en", "value": "NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available."}], "source": {"advisory": "GHSA-fcjp-h8cc-6879", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T13:03:49.645986Z", "id": "CVE-2026-33215", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T13:05:12.279Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33215", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T23:23:58.314Z", "datePublished": "2026-03-24T20:55:53.455Z", "dateUpdated": "2026-03-25T13:05:12.279Z"}, "containers": {"cna": {"title": "NATS is vulnerable to MQTT hijacking via Client ID", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-488", "lang": "en", "description": "CWE-488: Exposure of Data Element to Wrong Session", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"}, {"name": "https://advisories.nats.io/CVE/secnote-2026-06.tx", "tags": ["x_refsource_MISC"], "url": "https://advisories.nats.io/CVE/secnote-2026-06.tx"}], "affected": [{"vendor": "nats-io", "product": "nats-server", "versions": [{"version": "< 2.11.15", "status": "affected"}, {"version": ">= 2.12.0-RC.1, < 2.12.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T20:55:53.455Z"}, "descriptions": [{"lang": "en", "value": "NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available."}], "source": {"advisory": "GHSA-fcjp-h8cc-6879", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33215", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T13:03:49.645986Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T13:05:05.816Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:nats-server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F116F812-6B39-47A4-A04D-C8AF039B65A6", "versionEndExcluding": "2.11.15", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:nats-server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B141DA72-3502-4746-A246-EE1087C993F4", "versionEndExcluding": "2.12.5", "versionStartIncluding": "2.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available."}, {"lang": "es", "value": "NATS-Server es un servidor de alto rendimiento para NATS.io, un sistema de mensajer\u00eda nativo de la nube y del borde. El nats-server proporciona una interfaz de cliente MQTT. Antes de las versiones 2.11.15 y 2.12.5, las sesiones y los mensajes pueden ser secuestrados mediante la malversaci\u00f3n del ID de cliente MQTT. Las versiones 2.11.15 y 2.12.5 parchean el problema. No hay soluciones alternativas conocidas disponibles."}], "id": "CVE-2026-33215", "lastModified": "2026-03-26T17:19:15.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-24T21:16:28.640", "references": [{"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://advisories.nats.io/CVE/secnote-2026-06.tx"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-488"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance", "id": "2451021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451021"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "status": "draft"}, "cwe": "CWE-290", "details": ["NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available.", "A flaw was found in NATS-Server. A remote attacker could exploit this vulnerability by manipulating MQTT (Message Queuing Telemetry Transport) Client IDs. This malfeasance allows for the hijacking of client sessions and messages. This could lead to unauthorized access to sensitive information or disruption of service."], "name": "CVE-2026-33215", "package_state": [{"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Affected", "package_name": "multicluster-globalhub/multicluster-globalhub-grafana-rhel9", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/oc-mirror-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-03-24T20:55:53Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-33215\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33215\nhttps://advisories.nats.io/CVE/secnote-2026-06.tx\nhttps://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.11.15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.12.0-RC.1,2.12.6)"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 91.0, "source": "matching"}]}, "original": {"product": "nats-server", "source": "cna", "vendor": "nats-io"}, "product": "nats_server", "vendor": "nats"}], "analysis": {"en": {"generated_at": "2026-03-31T05:47:53.213818+00:00", "value": {"mitigation_remediation": ["Upgrade nats-server to version 2.11.15 or later 2.12.5 or a newer release."], "summary": {"action": "Patch immediately", "impact": "Session hijacking via MQTT Client ID manipulation"}, "threat_synthesis": {"affected_systems": "The flaw affects the nats-server by nats-io. Versions earlier than 2.11.15 and 2.12.5 are vulnerable. The issue is fixed starting with 2.11.15 and 2.12.5 and any later releases.", "description_and_impact": "The vulnerability allows an attacker to hijack active sessions and messages in the NATS-Server by crafting a malicious MQTT Client ID. This weakness can be exploited to gain unauthorized control over communication flows, potentially leading to data interception or tampering with the messaging system.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity. The EPSS score is less than 1%, suggesting low exploitation probability, and the vulnerability is not present in the CISA KEV catalog. Based on the description, the likely attack vector involves a malicious MQTT client connecting to the server with a crafted Client ID, allowing the attacker to hijack existing sessions or manipulate messages."}}}}, "created": "2026-03-25T11:45:49.157532+00:00", "updated": "2026-03-31T20:09:18.108860+00:00", "vendors": ["nats", "nats$PRODUCT$nats_server"]}