{"id":"GO-2026-4533","summary":"nats-server websockets are vulnerable to pre-auth memory DoS in github.com/nats-io/nats-server","details":"nats-server websockets are vulnerable to pre-auth memory DoS in github.com/nats-io/nats-server","aliases":["BIT-nats-2026-27571","CVE-2026-27571","GHSA-qrvq-68c2-7grw"],"modified":"2026-03-17T05:09:36.699754Z","published":"2026-02-25T23:07:04Z","related":["CGA-5692-h4qc-9hgr"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2026-4533","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw"},{"type":"FIX","url":"https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017"},{"type":"WEB","url":"https://github.com/nats-io/nats-server/releases/tag/v2.11.12"},{"type":"WEB","url":"https://github.com/nats-io/nats-server/releases/tag/v2.12.3"}],"affected":[{"package":{"name":"github.com/nats-io/nats-server","ecosystem":"Go","purl":"pkg:golang/github.com/nats-io/nats-server"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4533.json"}},{"package":{"name":"github.com/nats-io/nats-server/v2","ecosystem":"Go","purl":"pkg:golang/github.com/nats-io/nats-server/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.11.12"},{"introduced":"2.12.0-RC.1"},{"fixed":"2.12.3"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4533.json"}}],"schema_version":"1.7.5"}