🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-58251 is an authorisation bypass vulnerability in NATS Server affecting the Queue Subscribe feature, which allows clients to receive messages from shared queues. An attacker who can connect to a NATS instance may be able to subscribe to queue groups they are not authorised to access, potentially exposing sensitive messages or enabling lateral movement within a messaging infrastructure. This is particularly relevant to Azure-hosted workloads that use NATS as a messaging backbone.

Security Architect’s Take: Audit all NATS Server deployments on Azure for exposure — prioritise instances accessible beyond a single trust boundary and review queue subscription permissions. Apply vendor patches immediately and consider restricting NATS client connectivity via network policy or service mesh controls until patched versions are confirmed in place.

Original advisory: CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass