Skip to main content

RabbitMQ CVE-2026-57220

| EUVDEUVD-2026-43018 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-07-10 GitHub_M
7.5
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Unauthenticated remote client triggers memory exhaustion pre-auth, so AV:N/AC:L/PR:N/UI:N; impact is availability-only, hence C:N/I:N/A:H with scope unchanged.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 22:02 EUVD
Analysis Generated
Jul 10, 2026 - 21:21 vuln.today

DescriptionCVE.org

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame lengths and consume broker memory in rabbit_stream_core. This issue is fixed in version 4.2.6.

AnalysisAI

Memory-exhaustion denial of service in RabbitMQ server prior to 4.2.6 allows an unauthenticated remote client to crash or degrade the broker via its stream protocol listener. Because the stream listener fails to enforce the configured frame-size limit while assembling frames during authentication and before Tune negotiation, an attacker can declare oversized frame lengths and force unbounded memory allocation in rabbit_stream_core. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach stream listener port 5552
Delivery
Open unauthenticated stream connection
Exploit
Declare oversized frame length pre-Tune
Execution
Broker buffers frame in rabbit_stream_core
Persist
Repeat to exhaust broker memory
Impact
Node degradation or crash (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target run the RabbitMQ stream protocol (the rabbitmq_stream plugin/stream listener, default TCP 5552 / TLS 5551) and that this listener be network-reachable by the attacker; the malicious frames must be sent during authentication and before Tune negotiation, which is exactly the window where the frame-size limit is not enforced. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) is internally consistent with the description: network-reachable, low-complexity, no privileges, no user interaction, and a pure availability impact with no confidentiality or integrity loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the RabbitMQ stream listener port opens a connection and, during the pre-authentication handshake before Tune negotiation, sends frames declaring very large frame lengths. The broker attempts to buffer these oversized frames in rabbit_stream_core without enforcing the frame-size cap, and repeated or parallel connections drive memory consumption until the node degrades or is killed by the OS or memory alarm. …
Remediation Vendor-released patch: 4.2.6 - upgrade RabbitMQ server to 4.2.6 or later, which enforces the stream frame-size limit during frame assembly in the pre-Tune authentication phase (fixes in pull requests https://github.com/rabbitmq/rabbitmq-server/pull/16171 and https://github.com/rabbitmq/rabbitmq-server/pull/16173 and commits 595ec28fa1621b1f2c28124e4e0466a8ad963547 and 773a49c4921e8be990262a2d609c35916825679e; advisory at https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-f364-87q5-j35q). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all RabbitMQ deployments, identify instances running versions prior to 4.2.6, and confirm which have exposed stream protocol listeners on network perimeter. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2019-11287 HIGH POC
7.5 Nov 23

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x ver

CVE-2016-9877 CRITICAL
9.8 Dec 29

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.

CVE-2025-50200 MEDIUM POC
5.5 Jun 19

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in

CVE-2026-57219 HIGH
8.7 Jul 10

Sensitive credential disclosure in RabbitMQ affects installations running the management plugin with OAuth 2 configured

CVE-2017-4966 HIGH
7.8 Jun 13

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions p

CVE-2021-22117 HIGH
7.8 May 18

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing

CVE-2026-57214 HIGH
7.1 Jul 10

Stored cross-site scripting in the RabbitMQ management UI (versions prior to 4.2.5) lets a user holding queue/exchange d

CVE-2026-57212 HIGH
7.1 Jul 10

Uncontrolled resource consumption in the RabbitMQ Management plugin's HTTP API lets an authenticated client crash or deg

CVE-2026-57217 HIGH
7.0 Jul 10

Authorization bypass in RabbitMQ topic permissions lets an authenticated user with restricted topic rights publish to or

CVE-2026-57215 HIGH
7.0 Jul 10

Improper authorization in RabbitMQ broker (versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) allows an authenticated

CVE-2026-57216 CRITICAL
10.0 Jul 10

Authentication bypass in RabbitMQ (broker versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) lets a loopback-restrict

CVE-2026-57211 CRITICAL
10.0 Jul 10

Server-side request forgery and NTLM credential exposure in the RabbitMQ management plugin (versions 4.1.0 to before 4.1

Share

CVE-2026-57220 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy