Skip to main content

RabbitMQ EUVDEUVD-2026-43014

| CVE-2026-57213 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-10 GitHub_M
5.7
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.7 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.8 MEDIUM

Stored XSS requires high privileges to plant payload and user interaction to trigger; scope changes to victim browser with limited session-level C and I impact.

3.1 AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 22:02 EUVD
Analysis Generated
Jul 10, 2026 - 21:48 vuln.today

DescriptionCVE.org

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_federation_management plugin renders the consumer_tag field on the Federation Status page without HTML escaping, allowing a user who can configure a federation upstream or policy to execute JavaScript in the browser of a user viewing that page. This issue is fixed in versions 3.13.14, 4.0.19, 4.1.10, and 4.2.5.

AnalysisAI

Stored cross-site scripting in the RabbitMQ federation management plugin allows any user with federation upstream or policy configuration privileges to execute arbitrary JavaScript in the browser of an administrator viewing the Federation Status page. The rabbitmq_federation_management plugin renders the consumer_tag field without HTML escaping, making it a persistent injection vector that fires passively when a victim navigates to the page. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to RabbitMQ management API with admin credentials
Delivery
Configure federation upstream or policy with malicious consumer_tag payload
Exploit
Wait for second administrator to view Federation Status page
Execution
Injected JavaScript executes in victim browser
Persist
Exfiltrate session token to attacker-controlled endpoint
Impact
Replay session token for full management API access

Vulnerability AssessmentAI

Exploitation Two specific conditions must be met simultaneously. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:H/UI:P, score 5.7) encodes three meaningful constraints that substantially reduce real-world risk relative to a generic XSS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker holding RabbitMQ administrative credentials configures a federation upstream with a consumer_tag payload containing a JavaScript snippet designed to exfiltrate the victim's management UI session cookie to an attacker-controlled endpoint. When a second administrator subsequently navigates to the Federation Status page, the unescaped tag renders as live script in the victim's browser, executing the payload and transmitting their session token. …
Remediation Upgrade RabbitMQ to one of the vendor-released patched versions: 3.13.14, 4.0.19, 4.1.10, or 4.2.5, which introduce HTML escaping for the consumer_tag field via the fixes in PRs #15708 and #15711 (commits 33dedfe4 and c2d0d69e). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2019-11287 HIGH POC
7.5 Nov 23

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x ver

CVE-2016-9877 CRITICAL
9.8 Dec 29

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.

CVE-2025-50200 MEDIUM POC
5.5 Jun 19

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in

CVE-2026-57219 HIGH
8.7 Jul 10

Sensitive credential disclosure in RabbitMQ affects installations running the management plugin with OAuth 2 configured

CVE-2017-4966 HIGH
7.8 Jun 13

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions p

CVE-2021-22117 HIGH
7.8 May 18

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing

CVE-2026-57220 HIGH
7.5 Jul 10

Memory-exhaustion denial of service in RabbitMQ server prior to 4.2.6 allows an unauthenticated remote client to crash o

CVE-2026-57214 HIGH
7.1 Jul 10

Stored cross-site scripting in the RabbitMQ management UI (versions prior to 4.2.5) lets a user holding queue/exchange d

CVE-2026-57212 HIGH
7.1 Jul 10

Uncontrolled resource consumption in the RabbitMQ Management plugin's HTTP API lets an authenticated client crash or deg

CVE-2026-57217 HIGH
7.0 Jul 10

Authorization bypass in RabbitMQ topic permissions lets an authenticated user with restricted topic rights publish to or

CVE-2026-57215 HIGH
7.0 Jul 10

Improper authorization in RabbitMQ broker (versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) allows an authenticated

CVE-2026-57216 CRITICAL
10.0 Jul 10

Authentication bypass in RabbitMQ (broker versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) lets a loopback-restrict

Share

EUVD-2026-43014 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy