CRE-2025-0095

NATS Connection Exhaustion: Maximum Connections ExceededHigh

Impact: 9/10

Mitigation: 7/10

CRE-2025-0095View on GitHub

NATSConnection ExhaustionCritical Infrastructure

Description

Detects NATS server connection exhaustion where the configured maximum\nconnection limit is exceeded, preventing new clients from establishing\nconnections. This represents a critical messaging infrastructure failure\nthat can cause cascading outages across distributed systems.\n

Mitigation

IMMEDIATE ACTIONS (CRITICAL):\n- Check current NATS connection usage: `curl http://nats-server:8222/connz`\n- Identify which services/IPs are consuming connection slots\n- Temporarily increase max_connections in NATS server configuration\n- Restart NATS server with updated connection limits to restore service\n\nRECOVERY:\n- Scale NATS infrastructure horizontally by adding server instances\n- Configure NATS clustering for high availability and load distribution\n- Implement proper connection pooling and reuse in client applications\n\nPREVENTION:\n- Monitor NATS connection metrics with alerting at 75-80% capacity\n- Implement graceful connection handling and retry logic in clients\n- Regular load testing to validate connection capacity planning\n

References

• https://docs.nats.io/running-a-nats-service/configuration
• https://docs.nats.io/running-a-nats-service/configuration/resource_management