A vulnerability categorized as critical has been discovered in nats-io nats-server up to 2.11.14/2.12.5 . Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to incorrect authorization. This vulnerability is registered as CVE-2026-33217 . It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.