🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-58207 is a vulnerability in NATS Server, a messaging system used in cloud-native environments, where an integer overflow in the Connz pagination handler can be triggered remotely to crash the server. An unauthenticated or low-privilege attacker could exploit this to cause a denial of service, disrupting messaging infrastructure that many microservices architectures depend on. The availability impact makes this particularly significant in production environments where NATS is a critical communication backbone.

Security Architect’s Take: Audit your Azure-hosted and wider cloud-native workloads for NATS Server deployments and apply vendor patches immediately; in the interim, restrict network access to NATS management and monitoring endpoints (typically port 8222) via NSGs or firewall rules to limit exposure to the Connz API.

Original advisory: CVE-2026-58207 NATS Server: Remote crash via integer overflow in Connz pagination