A vulnerability was found in nats-io nats-server up to 2.11.14/2.12.5. It has been rated as critical. Affected is an unknown function of the component Nats-Request-Info Header Handler. Manipulation results in authentication bypass by spoofing. This vulnerability is cataloged as CVE-2026-33223. The attack can be initiated remotely. There is no exploit available. Upgrading the affected component is advised.