Subject: nats-server: MQTT SUBSCRIBE Protocol Injection via Leaf Node/Route Forwarding allows arbitrary NATS command injection
NATS-advisory-ID: 2026-22
Aliases: GHSA-qrcv-3558-gj4f
Date: 2026-06-29
Fixed-In: v2.14.1, v2.12.9.

Background:

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.

The NATS Server supports MQTT clients and can bridge MQTT activity into NATS subjects across routes and leafnode connections.

Problem Description:

An MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections. This could corrupt the forwarded protocol stream and allow injection of unintended NATS protocol operations, potentially across cluster nodes or accounts where route or gateway connections are present.

Anonymous MQTT deployments are at higher risk because no credentials are required to reach the affected parser. Authenticated deployments are still affected for any client allowed to create MQTT subscriptions.

Affected Versions:

Versions v2.14.0, v2.12.8 and below are vulnerable. The issue is fixed in v2.14.1 and v2.12.9.

Workarounds:

Disable anonymous MQTT access where it is not required. Deployments that need MQTT have no known complete workaround other than upgrading.

Credit:

GitHub user @thesecguy45

References:

* This document is canonically:
* GHSA advisory:
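The Problem Description above turns on MQTT topic filters reaching the NATS text wire protocol unchecked. As an added example that is not nats-server's own code or its fix, the Go check below refuses any filter that could not be carried as a single field of a NATS protocol line before it is forwarded; the function names and the sample filters are constructed for the illustration.

```go
package main

import (
	"fmt"
	"unicode"
	"unicode/utf8"
)

// ValidateMQTTFilter refuses an MQTT topic filter that cannot travel as one
// field of a NATS protocol line: NATS ends operations with CRLF and separates
// fields with whitespace, so whitespace, ASCII control characters (CR, LF,
// NUL, ...) and invalid UTF-8 are rejected before the subscription is
// forwarded to a route or leafnode. Added example, not nats-server code.
func ValidateMQTTFilter(filter string) error {
	if filter == "" {
		return fmt.Errorf("empty topic filter")
	}
	if !utf8.ValidString(filter) {
		return fmt.Errorf("topic filter is not valid UTF-8")
	}
	for i, r := range filter {
		switch {
		case unicode.IsSpace(r):
			return fmt.Errorf("whitespace or line terminator U+%04X at offset %d", r, i)
		case unicode.IsControl(r):
			return fmt.Errorf("control character U+%04X at offset %d", r, i)
		}
	}
	return nil
}

// SplitSubscribeFilters partitions one SUBSCRIBE packet's filters into those
// safe to forward and those to refuse (keyed by reason) for rejection/logging.
func SplitSubscribeFilters(filters []string) (ok []string, rejected map[string]string) {
	rejected = make(map[string]string)
	for _, f := range filters {
		if err := ValidateMQTTFilter(f); err != nil {
			rejected[f] = err.Error()
			continue
		}
		ok = append(ok, f)
	}
	return ok, rejected
}

func main() {
	// Constructed sample: one clean filter, one carrying an embedded CRLF.
	ok, bad := SplitSubscribeFilters([]string{"sensors/+/temp", "a/b\r\nc"})
	fmt.Printf("forward: %q\nrefuse: %v\n", ok, bad)
}
```

A broker that applies this check can fail the whole SUBSCRIBE packet and log the rejected filter, which also gives a detection signal for attempts against unpatched peers.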