PatchSiren cyber security CVE debrief
CVE-2026-57219 rabbitmq CVE debrief
CVE-2026-57219 is a high-severity vulnerability in RabbitMQ that discloses OAuth 2 client secrets to unauthenticated callers when the management plugin and OAuth configuration are enabled. The issue arises from the obsolete GET /api/auth endpoint's ability to expose credentials. This vulnerability has a CVSS score of 8.7 and is classified as HIGH. Users of RabbitMQ, especially those with management plugin and OAuth configuration enabled, should be aware of this vulnerability and take steps to mitigate it. The vulnerability is fixed in RabbitMQ versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6.
- Vendor
- rabbitmq
- Product
- rabbitmq-server
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Users of RabbitMQ, especially those with management plugin and OAuth configuration enabled, should be aware of this vulnerability and take steps to mitigate it. This includes reviewing and updating OAuth configurations to minimize exposure and disabling the management plugin if not in use.
Technical summary
The vulnerability exists in the obsolete GET /api/auth endpoint of RabbitMQ. When the management plugin and OAuth configuration are enabled, this endpoint can disclose the OAuth 2 client secret to unauthenticated callers. The issue arises from the endpoint's ability to expose credentials. The vulnerability has a CVSS score of 8.7 and is classified as HIGH. RabbitMQ installations that have the management plugin and OAuth configuration enabled should be patched to versions 3.13.15, 4.0.20, 4.1.11, or 4.2.6.
Defensive priority
High priority should be given to patching RabbitMQ installations that have the management plugin and OAuth configuration enabled.
Recommended defensive actions
- Patch RabbitMQ installations to versions 3.13.15, 4.0.20, 4.1.11, or 4.2.6.
- Disable the management plugin if not in use.
- Review and update OAuth configurations to minimize exposure.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability. Additional details can be found in the source references provided. The RabbitMQ management plugin and OAuth configuration must be verified for exposure. Defenders should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T21:16:59.060Z and has not been modified since then.