Skip to main content

RabbitMQ Server CVE-2026-57218

| EUVDEUVD-2026-43020 MEDIUM
Incorrect Authorization (CWE-863)
2026-07-10 GitHub_M
4.9
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
4.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

AC:H reflects the required precondition (OAuth expiry or scope reduction while consumer is live); PR:L for authenticated consumer; S:C and C:H for cross-boundary confidentiality breach; no integrity or availability impact.

3.1 AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 22:02 EUVD
Analysis Generated
Jul 10, 2026 - 21:59 vuln.today

DescriptionCVE.org

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.update_secret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after the channel user state changes. This issue is fixed in version 4.2.6.

AnalysisAI

RabbitMQ Server prior to 4.2.6 fails to cancel or reauthorize existing AMQP 0-9-1 consumers when an OAuth token expires or when connection.update_secret reduces token scopes, allowing an authenticated consumer to continue receiving messages it is no longer authorized to access. The broker evaluates authorization only at consumer registration time, not at message delivery time, creating a persistent authorization bypass window for as long as the connection remains open. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate via OAuth token
Delivery
Register AMQP 0-9-1 consumer on sensitive queue
Exploit
Token expires or admin reduces scopes via update_secret
Execution
Broker updates channel user state but skips consumer reauthorization
Impact
Consumer continues receiving restricted messages beyond authorization window

Vulnerability AssessmentAI

Exploitation Three concurrent conditions must be met: (1) RabbitMQ Server must be configured to use OAuth 2.0 token-based authentication for AMQP 0-9-1; (2) an attacker or legitimate user must have an active consumer registered on a channel before token expiry or scope reduction occurs; and (3) the OAuth token must subsequently expire or an explicit connection.update_secret call reducing scopes must be issued while that consumer connection remains open. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 4.9 with vector AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N captures an important nuance: while network-accessible and low-complexity at the transport level, exploitation requires an attack precondition (AT:P) - specifically, OAuth token expiry or an administrator-triggered scope reduction must occur while the consumer connection is live. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated low-privileged user establishes an AMQP 0-9-1 connection using a valid OAuth token with read access to a sensitive queue and registers a consumer. An administrator subsequently reduces the token's OAuth scopes via connection.update_secret - or the token expires - to revoke queue access, but the broker does not cancel or recheck the existing consumer, which continues silently draining messages from the queue beyond the intended authorization window. …
Remediation Upgrade to RabbitMQ Server 4.2.6 or later, which resolves the issue per the official release at https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6 (implemented via pull requests #16092 and #16097 with commits 501ad947 and db20d6c0). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2019-11287 HIGH POC
7.5 Nov 23

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x ver

CVE-2016-9877 CRITICAL
9.8 Dec 29

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.

CVE-2025-50200 MEDIUM POC
5.5 Jun 19

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in

CVE-2026-57219 HIGH
8.7 Jul 10

Sensitive credential disclosure in RabbitMQ affects installations running the management plugin with OAuth 2 configured

CVE-2017-4966 HIGH
7.8 Jun 13

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions p

CVE-2021-22117 HIGH
7.8 May 18

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing

CVE-2026-57220 HIGH
7.5 Jul 10

Memory-exhaustion denial of service in RabbitMQ server prior to 4.2.6 allows an unauthenticated remote client to crash o

CVE-2026-57214 HIGH
7.1 Jul 10

Stored cross-site scripting in the RabbitMQ management UI (versions prior to 4.2.5) lets a user holding queue/exchange d

CVE-2026-57212 HIGH
7.1 Jul 10

Uncontrolled resource consumption in the RabbitMQ Management plugin's HTTP API lets an authenticated client crash or deg

CVE-2026-57217 HIGH
7.0 Jul 10

Authorization bypass in RabbitMQ topic permissions lets an authenticated user with restricted topic rights publish to or

CVE-2026-57215 HIGH
7.0 Jul 10

Improper authorization in RabbitMQ broker (versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) allows an authenticated

CVE-2026-57216 CRITICAL
10.0 Jul 10

Authentication bypass in RabbitMQ (broker versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) lets a loopback-restrict

Share

CVE-2026-57218 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy