1. NATS Server Security Patch: CVE-2026-33249 Allows Unauthorized Message Trace Redirection
A critical security vulnerability in the NATS.io messaging server allows authenticated clients to redirect internal trace messages to any subject, bypassing standard publish permissions. The flaw, tracked as CVE-2026-33249, is present in versions prior to 2.12.6 and 2.11.15. While the payload is limited to valid trace ...