PatchSiren

rabbitmq CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM rabbitmq CVE published 2026-07-10

CVE-2026-57221

CVE-2026-57221 is a RabbitMQ vulnerability allowing enumeration of queue and exchange names and reading of queue message and consumer counts due to lack of authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations. This issue affects RabbitMQ versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6. Users of these versions should apply patches to prevent queue and exchange enume [truncated]

HIGH rabbitmq CVE published 2026-07-10

CVE-2026-57220

CVE-2026-57220 is a HIGH severity vulnerability in RabbitMQ stream listener allowing unauthenticated remote clients to declare oversized frame lengths and consume broker memory. This issue is fixed in version 4.2.6. Users of RabbitMQ versions prior to 4.2.6 should apply the patch to prevent potential denial of service attacks. The vulnerability impacts RabbitMQ deployments, particularly those with publicl [truncated]

HIGH rabbitmq CVE published 2026-07-10

CVE-2026-57219

CVE-2026-57219 is a high-severity vulnerability in RabbitMQ that discloses OAuth 2 client secrets to unauthenticated callers when the management plugin and OAuth configuration are enabled. The issue arises from the obsolete GET /api/auth endpoint's ability to expose credentials. This vulnerability has a CVSS score of 8.7 and is classified as HIGH. Users of RabbitMQ, especially those with management plugin [truncated]

MEDIUM rabbitmq CVE published 2026-07-10

CVE-2026-57218

RabbitMQ is a messaging and streaming broker that had a vulnerability in its AMQP 0-9-1 implementation. Prior to version 4.2.6, an existing consumer could continue receiving messages after OAuth token expiry or connection.update_secret refresh to reduced scopes. This occurred because existing consumers were not properly canceled or reauthorized at delivery time after channel user state changes. The issue [truncated]

HIGH rabbitmq CVE published 2026-07-10

CVE-2026-57217

CVE-2026-57217 is a high-severity vulnerability in RabbitMQ that allows restricted topic writes and binds during metadata-store failures. The issue arises from topic-permission lookup errors from Khepri collapsing to undefined, which the internal backend treats as allow. This vulnerability is fixed in RabbitMQ versions 3.13.15, 4.0.21, 4.1.11, and 4.2.6. The vulnerability has a high severity score of 7 an [truncated]

MEDIUM rabbitmq CVE published 2026-07-10

CVE-2026-57216

CVE-2026-57216 is a medium-severity vulnerability in RabbitMQ that allows for authentication bypass under certain conditions involving PROXY-protocol paths and loopback-bound listeners. The issue arises from the way RabbitMQ handles authentication for AMQP 0-9-1, AMQP 1.0, and Stream Protocol, specifically using listener-side socket addresses instead of the real client source. This allows loopback-restric [truncated]

HIGH rabbitmq CVE published 2026-07-10

CVE-2026-57215

CVE-2026-57215 is a high-severity vulnerability in RabbitMQ that allows foreign bindings to amq.rabbitmq.reply-to destinations. This issue is fixed in RabbitMQ versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The vulnerability is caused by volatile direct-reply-to queues being accepted at bind and route time but missing from Khepri-backed deletion checks, leaving persistent route entries after unbind. Users o [truncated]

HIGH rabbitmq CVE published 2026-07-10

CVE-2026-57214

CVE-2026-57214 is a high-severity vulnerability in RabbitMQ's management UI. Prior to version 4.2.5, the UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages. This allows a user with permission to declare a queue or exchange to execute JavaScript in another user's browser. The issue is fixed in version 4.2.5. Th [truncated]

MEDIUM rabbitmq CVE published 2026-07-10

CVE-2026-57213

CVE-2026-57213 is a medium-severity vulnerability in RabbitMQ's federation management plugin. Prior to versions 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the plugin does not properly escape the consumer_tag field on the Federation Status page, allowing a user with configuration privileges to inject JavaScript code. This code would be executed in the browser of users viewing the page. The vulnerability has a CVS [truncated]

HIGH rabbitmq CVE published 2026-07-10

CVE-2026-57212

CVE-2026-57212 is a high-severity vulnerability in RabbitMQ's management HTTP API, allowing potential denial-of-service attacks via oversized JSON bodies. The issue exists in versions prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5. Users should upgrade to a patched version to mitigate this issue. The vulnerability arises from inadequate size checks in the rabbitmq_management HTTP API, specifically in the rea [truncated]

MEDIUM rabbitmq CVE published 2026-07-10

CVE-2026-57211

CVE-2026-57211 is a vulnerability in the RabbitMQ management plugin static file handler rabbit_mgmt_wm_static. Prior to versions 4.1.11 and 4.2.6 on Windows, with multiple management extension plugins enabled, URL-encoded backslashes can be passed to erl_prim_loader:read_file_info before path validation. This can cause outbound DNS and SMB requests to attacker-controlled UNC paths. The issue is fixed in v [truncated]

MEDIUM rabbitmq CVE published 2026-05-27

CVE-2026-44839

A medium-severity vulnerability in RabbitMQ messaging and streaming broker affects versions from 3.7.0 through 4.1.1 and 4.0.12. The issue, classified as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page), has been addressed in versions 4.1.2 and 4.0.13. The CVSS 4.0 vector indicates network attack vector with high attack complexity, requiring high privileges and user interaction, [truncated]

MEDIUM rabbitmq CVE published 2026-05-27

CVE-2026-44838

A regex injection vulnerability in RabbitMQ's MQTT plugin allows authenticated users to bypass topic-level authorization controls. The flaw exists in versions 4.2.0 through 4.2.3, where user-supplied client_id values from MQTT CONNECT packets are substituted into authorization regex patterns without proper escaping of special regex characters. An attacker can craft a malicious client_id containing regex m [truncated]