Severity: Critical
CVSS Score: 9.8
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.