NATS-Server 2.x Leafnode Crash via Compression Pre-Auth
CVE-2026-29785 Published on March 25, 2026
NATS Server panic via malicious compression on leafnode port
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled (not default), then anyone who can connect can crash the nats-server by triggering a panic. This happens pre-authentication and requires that compression be enabled (which it is, by default, when leafnodes are used). Versions 2.11.14 and 2.12.5 contain a fix. As a workaround, disable compression on the leafnode port.
Vulnerability Analysis
CVE-2026-29785 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Types
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
What is a Data Amplification Vulnerability?
The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. An example of data amplification is a "decompression bomb," a small ZIP file that can produce a large amount of data when it is decompressed.
CVE-2026-29785 has been classified as a Data Amplification vulnerability or weakness.
Products Associated with CVE-2026-29785
stack.watch emails you whenever new vulnerabilities are published in Red Hat Multicluster Globalhub or Red Hat Openshift.
Affected Versions
nats-io nats-server:
- Version < 2.11.14 is affected.
- Version >= 2.12.0-RC.1, < 2.12.5 is affected.
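For inventory triage, the affected ranges above can be combined with the two preconditions from the description (leafnodes enabled, compression not disabled) in a small check. This is an added example, not code from nats-server or from this page; the names parseVer, Affected and Exposed are hypothetical, and it assumes any 2.12.0 prerelease counts as at or after 2.12.0-RC.1 and that a prerelease of a fixed version is still affected.

```go
package main

import "fmt"
import "strings"

// ver is a nats-server version: numeric triple plus "carries a -prerelease tag".
type ver struct {
	n   [3]int
	pre bool
}

func parseVer(s string) (v ver, err error) {
	core, _, pre := strings.Cut(strings.TrimPrefix(strings.TrimSpace(s), "v"), "-")
	if _, err = fmt.Sscanf(core, "%d.%d.%d", &v.n[0], &v.n[1], &v.n[2]); err != nil {
		return v, fmt.Errorf("unrecognised version %q", s)
	}
	v.pre = pre
	return v, nil
}

// before reports whether v sorts before release r; a prerelease of r counts as before r.
func (v ver) before(r [3]int) bool {
	for i := range r {
		if v.n[i] != r[i] {
			return v.n[i] < r[i]
		}
	}
	return v.pre
}

// Affected applies the page's ranges; assumption: any 2.12.0 prerelease counts as >= RC.1.
func Affected(version string) (bool, error) {
	v, err := parseVer(version)
	if err != nil {
		return false, err
	}
	in212 := v.n[0] == 2 && v.n[1] == 12
	return v.before([3]int{2, 11, 14}) || (in212 && v.before([3]int{2, 12, 5})), nil
}

// Exposed adds the page's two preconditions: leafnodes on, compression not disabled.
func Exposed(version string, leafnodes, compressionOff bool) (bool, error) {
	hit, err := Affected(version)
	return hit && leafnodes && !compressionOff, err
}

func main() {
	fmt.Println(Exposed("2.12.0-RC.1", true, false)) // constructed input
}
```

A parse error is returned rather than guessed at, so unrecognised version strings can be flagged for manual review.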
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.