A vulnerability was found in nats-io nats-server up to 2.11.14/2.12.5 and classified as problematic . The impacted element is an unknown function of the component MQTT Password Handler . The manipulation results in cleartext transmission of sensitive information. This vulnerability is identified as CVE-2026-33216 . The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.