<Vulnerability name="CVE-2026-58252">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-07-08T19:46:10</PublicDate>
    <Bugzilla id="2498262" url="https://bugzilla.redhat.com/show_bug.cgi?id=2498262" xml:lang="en:us">
github.com/nats-io/nats-server: NATS Server: Information disclosure via access control bypass in wildcard and queue subscriptions
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>6.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-551</CWE>
    <Details xml:lang="en:us" source="Mitre">
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it, and queue subscriptions could also affect delivery to legitimate queue consumers. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in NATS Server. An authenticated user could bypass configured access restrictions and receive messages on subjects that were explicitly denied. This occurs when a wildcard subscription overlaps with a wildcard deny rule but is not a direct subset, or when queue subscriptions interfere with legitimate message delivery. This could lead to unauthorized information disclosure.
    </Details>
    <Statement xml:lang="en:us">
Moderate: An information disclosure flaw in NATS Server allows an authenticated user to bypass configured access restrictions, enabling them to receive messages on subjects that should be denied. This occurs when wildcard subscriptions overlap with deny rules or when queue subscriptions interfere with message delivery.
    </Statement>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
    </Mitigation>
    <PackageState cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>nats-server2.12</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>nats-server2.14</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-58252
https://nvd.nist.gov/vuln/detail/CVE-2026-58252
https://github.com/nats-io/nats-server/commit/8ced85a11497f86704a95d960281480ce037386b
https://github.com/nats-io/nats-server/commit/a42a6d1e258eb5c3a2190384d31965a4b715e854
https://github.com/nats-io/nats-server/commit/e611ca9604697b02d8f22beb76037400a9cf72e6
https://github.com/nats-io/nats-server/releases/tag/v2.11.16
https://github.com/nats-io/nats-server/releases/tag/v2.12.7
https://github.com/nats-io/nats-server/releases/tag/v2.14.0
https://github.com/nats-io/nats-server/security/advisories/GHSA-wh7g-5m82-pmhr
    </References>
</Vulnerability>