PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57213 rabbitmq CVE debrief

CVE-2026-57213 is a medium-severity vulnerability in RabbitMQ's federation management plugin. Prior to versions 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the plugin does not properly escape the consumer_tag field on the Federation Status page, allowing a user with configuration privileges to inject JavaScript code. This code would be executed in the browser of users viewing the page. The vulnerability has a CVSS score of 5.7 and is classified as MEDIUM. The issue is fixed in the mentioned versions.

Vendor
rabbitmq
Product
rabbitmq-server
CVSS
MEDIUM 5.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of RabbitMQ, particularly those who can configure federation upstreams or policies, should be aware of this vulnerability. Administrators of RabbitMQ instances should ensure they are running a patched version to prevent potential JavaScript injection attacks. Operators, platform administrators, and security teams should review the official advisory and CVE record for affected scope and severity.

Technical summary

The rabbitmq_federation_management plugin in RabbitMQ does not properly escape user-supplied input in the consumer_tag field on the Federation Status page. This allows a user with privileges to configure a federation upstream or policy to inject malicious JavaScript code. When other users view the Federation Status page, this code will be executed in their browser, potentially leading to unauthorized actions or information disclosure. The vulnerability is exploitable by users with configuration privileges.

Defensive priority

Medium priority due to the requirement for specific privileges to exploit and the potential for JavaScript injection attacks.

Recommended defensive actions

  • Update RabbitMQ to version 3.13.14, 4.0.19, 4.1.10, or 4.2.5, or later.
  • Restrict access to users who can configure federation upstreams or policies.
  • Monitor for suspicious activity on the Federation Status page.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record and NVD entry provide details about the vulnerability. The rabbitmq-server GitHub repository contains commits and pull requests related to the fix. Evidence is limited, and defenders should verify the affected scope and vendor guidance. The rabbitmq_federation_management plugin's lack of proper escaping in the consumer_tag field allows JavaScript injection. Users should review the official advisory and CVE record for affected scope and severity. Limited evidence suggests that the vulnerability is exploitable by users with configuration privileges.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T21:16:58.280Z and has not been modified since then.