Skip to main content

RabbitMQ CVE-2026-57221

| EUVDEUVD-2026-43023 MEDIUM
Missing Authorization (CWE-862)
2026-07-10 GitHub_M
5.3
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.3 MEDIUM

Network-accessible via AMQP but requires low-privilege vhost authentication (PR:L); impact is limited to metadata confidentiality disclosure with no integrity or availability component.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 10, 2026 - 22:02 EUVD
Analysis Generated
Jul 10, 2026 - 22:00 vuln.today
CVE Published
Jul 10, 2026 - 20:24 cve.org
MEDIUM 5.3

DescriptionCVE.org

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and exchange names and read queue message and consumer counts. This issue is fixed in versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6.

AnalysisAI

Authenticated RabbitMQ users can bypass authorization controls on passive AMQP 0-9-1 declare operations, exposing internal broker topology metadata across all affected release branches (3.13.x, 4.0.x, 4.1.x, 4.2.x). The missing authorization check on passive queue.declare and exchange.declare allows any user with vhost connectivity to enumerate queue and exchange names and read live message and consumer counts without requiring elevated permissions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain any valid RabbitMQ vhost credential
Delivery
Connect via AMQP 0-9-1
Exploit
Send passive queue.declare and exchange.declare frames
Execution
Bypass missing authorization check
Persist
Enumerate queue/exchange names and live message counts
Impact
Map internal broker topology for follow-on targeting

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid RabbitMQ credential with permission to connect to at least one virtual host - the authorization bypass occurs only after this initial authentication gate is cleared. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N) reflects a network-accessible flaw exploitable with only low-privilege authenticated access, requiring no attack complexity or user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker holding any valid RabbitMQ credential - such as a compromised low-privilege service account or a shared application credential - connects to a target virtual host over the standard AMQP 0-9-1 interface and sends a series of passive queue.declare frames for arbitrary or guessed queue names. Because the broker performs no authorization check on these operations, it returns confirmation, message counts, and consumer counts for each existing queue, allowing the attacker to enumerate the full broker topology without triggering permission errors. …
Remediation Upgrade RabbitMQ server to one of the patched releases corresponding to the deployed branch: 3.13.15, 4.0.20, 4.1.11, or 4.2.6. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2019-11287 HIGH POC
7.5 Nov 23

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x ver

CVE-2016-9877 CRITICAL
9.8 Dec 29

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.

CVE-2025-50200 MEDIUM POC
5.5 Jun 19

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in

CVE-2026-57219 HIGH
8.7 Jul 10

Sensitive credential disclosure in RabbitMQ affects installations running the management plugin with OAuth 2 configured

CVE-2017-4966 HIGH
7.8 Jun 13

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions p

CVE-2021-22117 HIGH
7.8 May 18

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing

CVE-2026-57220 HIGH
7.5 Jul 10

Memory-exhaustion denial of service in RabbitMQ server prior to 4.2.6 allows an unauthenticated remote client to crash o

CVE-2026-57214 HIGH
7.1 Jul 10

Stored cross-site scripting in the RabbitMQ management UI (versions prior to 4.2.5) lets a user holding queue/exchange d

CVE-2026-57212 HIGH
7.1 Jul 10

Uncontrolled resource consumption in the RabbitMQ Management plugin's HTTP API lets an authenticated client crash or deg

CVE-2026-57217 HIGH
7.0 Jul 10

Authorization bypass in RabbitMQ topic permissions lets an authenticated user with restricted topic rights publish to or

CVE-2026-57215 HIGH
7.0 Jul 10

Improper authorization in RabbitMQ broker (versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) allows an authenticated

CVE-2026-57216 CRITICAL
10.0 Jul 10

Authentication bypass in RabbitMQ (broker versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) lets a loopback-restrict

Share

CVE-2026-57221 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy