🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-58252 is a vulnerability in NATS Server that allows an attacker to bypass subscription authorisation controls by exploiting overlapping wildcard patterns. This means a client could subscribe to subjects they are not permitted to access, potentially exposing sensitive messages flowing through the messaging system. NATS is commonly used in cloud-native and microservices architectures, making this a notable risk for environments where message confidentiality and access control are critical.

Security Architect’s Take: Audit all NATS Server deployments within your Azure-hosted or cloud-native workloads and apply the vendor patch immediately; in the interim, review your authorisation policies for wildcard subject patterns and restrict permissions to the narrowest possible scope.

Original advisory: CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap