Description
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12.
Published: 2026-07-08
Score: 7.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A client capable of sending account‑scoped connection monitoring requests can exploit an integer overflow in the NATS Server’s Connz pagination logic. By supplying Offset and Limit values that exceed internal arithmetic limits before bounds are safely enforced, the server process crashes. The vulnerability is a classic Out‑Of‑Bounds or Arithmetic Overflow flaw (CWE‑190) that results in a denial of service condition rather than code execution.

Affected Systems

The issue affects nats-io’s NATS Server product for all releases preceding 2.12.12 and 2.14.3. Administrators should verify their installed version and plan to upgrade if running a vulnerable build.

Risk and Exploitability

With a CVSS score of 7.7 the vulnerability represents a high‑severity denial of service risk. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is over the network, where an attacker can craft a malformed Connz request and trigger a server crash. No conditions for privilege escalation or remote code execution are noted, but the crash can interrupt service availability for all connected clients.

Generated by OpenCVE AI on July 9, 2026 at 04:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade nats-server to version 2.12.12 or later, or to 2.14.3 if available. This patch removes the unchecked arithmetic that allows overflow in Connz pagination.
  • If an immediate upgrade is not feasible, restrict access to the Connz monitoring endpoint to trusted administrators or separate network segments so that only authorized clients can send monitoring requests.
  • Disable or remove the Connz monitoring feature entirely if it is not required for operational visibility, thereby eliminating the trigger vector for the overflow.

Generated by OpenCVE AI on July 9, 2026 at 04:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 20:45:00 +0000

Type Values Removed Values Added
Description NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12.
Title NATS Server: Remote crash via integer overflow in Connz pagination
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-08T20:15:31.082Z

Reserved: 2026-06-29T17:09:25.872Z

Link: CVE-2026-58207

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T04:15:12Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound