CVE-2026-33215
MQTT Client ID Hijacking in NATS-Server Enables Session Takeover
Publication date: 2026-03-24
Last updated on: 2026-03-26
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | nats-server | From 2.0.0 (inc) to 2.11.15 (exc) |
| linuxfoundation | nats-server | From 2.12.0 (inc) to 2.12.5 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-488 | The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade your nats-server to a fixed version.
- Upgrade to nats-server version 2.11.15 or later, or 2.12.6 or later.
No known workarounds are available, so patching is the only effective immediate action.
Can you explain this vulnerability to me?
CVE-2026-33215 is a moderate severity vulnerability affecting the nats-server component of NATS.io, specifically its MQTT client interface. The vulnerability allows an attacker to hijack MQTT sessions and messages by exploiting weaknesses in how the MQTT Client ID is handled.
This issue exists in nats-server versions prior to 2.11.15 and 2.12.6 and can be exploited remotely over the network without requiring any privileges or user interaction, although the attack complexity is high.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized hijacking of MQTT sessions and messages, resulting in a high confidentiality impact where sensitive data can be accessed by attackers.
Data integrity is not affected and the availability impact is low. Because the attack requires no privileges and can be carried out remotely, it poses a significant risk to the confidentiality of communications handled by the nats-server MQTT interface.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the MQTT client interface of nats-server versions prior to 2.11.15 and 2.12.6. Detection involves identifying if your nats-server instance is running a vulnerable version.
You can check the version of nats-server running on your system by executing the following command:
- `nats-server -version`
If the reported version is earlier than 2.11.15 on the 2.11 release line, or earlier than 2.12.6 on the 2.12 release line, your system is vulnerable.
Additionally, monitoring network traffic for suspicious MQTT Client ID activity or session hijacking attempts may help detect exploitation attempts, but no specific detection commands or tools are provided.
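As an added example (not code from this page or from the NATS project), the version check above can be scripted: the function below normalizes the output of `nats-server -version` (assumed to look like `nats-server: v2.11.14`) and tests it against the affected ranges from the Affected Vendors table, >=2.0.0 <2.11.15 and >=2.12.0 <2.12.5. Note that the Q&A answer above names 2.12.6 as the fixed 2.12 release while the table ends the affected range at 2.12.5 (exclusive); the code follows the table, so raise the second upper bound if your advisory source says 2.12.6.

```shell
#!/bin/sh
# Added example (not NATS project code): classify a nats-server version string
# against the affected ranges in this page's table:
#   >= 2.0.0 and < 2.11.15, or >= 2.12.0 and < 2.12.5
# Assumption: `nats-server -version` prints something like "nats-server: v2.11.14".

# Reduce "nats-server: v2.11.14", "v2.11.14" or "2.11.14-beta" to "2.11.14".
normalize_version() {
  printf '%s\n' "$1" |
    sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Map MAJOR.MINOR.PATCH to a sortable integer (1000 per component).
version_key() {
  v=$(normalize_version "$1")
  [ -n "$v" ] || return 1
  major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}; patch=${rest#*.}
  echo $((major * 1000000 + minor * 1000 + patch))
}

# Prints "vulnerable", "not-affected" or "unknown" (unparseable input).
nats_cve_2026_33215_status() {
  key=$(version_key "$1") || { echo unknown; return 2; }
  if [ "$key" -ge 2000000 ] && [ "$key" -lt 2011015 ]; then
    echo vulnerable
  elif [ "$key" -ge 2012000 ] && [ "$key" -lt 2012005 ]; then
    echo vulnerable
  else
    echo not-affected
  fi
}

# When nats-server is installed locally, report on the installed binary.
if command -v nats-server >/dev/null 2>&1; then
  nats_cve_2026_33215_status "$(nats-server -version 2>&1 || true)"
fi
```

Run it on each host that exposes the MQTT listener, or feed it version strings collected by your inventory tooling.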