Skip to main content

RabbitMQ EUVDEUVD-2026-43024

| CVE-2026-57217 HIGH
Incorrect Authorization (CWE-863)
2026-07-10 GitHub_M
7.0
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.1 HIGH

AC:H because exploitation depends on a transient metadata-store error window the attacker cannot reliably force; PR:L for the required low-privileged account; S:C and C:H for cross-tenant topic access, with I:L for unauthorized topic writes.

3.1 AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 22:02 EUVD
Analysis Generated
Jul 10, 2026 - 21:27 vuln.today

DescriptionCVE.org

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures because topic-permission lookup errors from Khepri can collapse to undefined, which the internal backend treats as allow. This issue is fixed in versions 3.13.15, 4.0.21, 4.1.11, and 4.2.6.

AnalysisAI

Authorization bypass in RabbitMQ topic permissions lets an authenticated user with restricted topic rights publish to or bind on topics they should be denied, but only during metadata-store failure windows. When the Khepri metadata store returns a lookup error, the topic-permission result collapses to 'undefined', which the internal authorization backend fails open and treats as 'allow'. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as restricted RabbitMQ user
Delivery
Await or induce Khepri metadata-store failure
Exploit
Attempt bind/publish on restricted topic
Execution
Permission lookup error collapses to undefined (allow)
Impact
Read or inject restricted topic messages

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated RabbitMQ account (CVSS PR:L) that already holds some topic permissions but is restricted from the targeted topic, plus a concurrent metadata-store failure: the Khepri topic-permission lookup must return an error (e.g., during cluster instability, node/leader transitions, or Khepri unavailability) so the result collapses to 'undefined' and the backend fails open to allow. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H) rates this 7.0 (High): network reachable, low complexity, but with a distinct Attack Requirement (AT:P) - exploitation is gated on a transient metadata-store failure condition the attacker does not fully control. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A tenant holding a RabbitMQ account with deliberately narrow topic permissions coincides with or induces a metadata-store disturbance - a Khepri leader election, node restart, or cluster instability - and repeatedly attempts to bind to or publish on a restricted topic. During the error window the permission lookup collapses to undefined and is treated as allow, letting the attacker publish forbidden messages or subscribe to topics carrying other tenants' data. …
Remediation Vendor-released patch: upgrade to RabbitMQ 3.13.15, 4.0.21, 4.1.11, or 4.2.6 (whichever matches your branch) per advisory GHSA-gpvw-75h5-3wvx; the fix ensures topic-permission lookup errors are no longer treated as allow. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit current RabbitMQ versions across all production and non-production deployments; enable detailed audit logging for topic-permission lookups and authorization decisions; restrict RabbitMQ management console access to a minimal set of administrators. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2019-11287 HIGH POC
7.5 Nov 23

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x ver

CVE-2016-9877 CRITICAL
9.8 Dec 29

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.

CVE-2025-50200 MEDIUM POC
5.5 Jun 19

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in

CVE-2026-57219 HIGH
8.7 Jul 10

Sensitive credential disclosure in RabbitMQ affects installations running the management plugin with OAuth 2 configured

CVE-2017-4966 HIGH
7.8 Jun 13

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions p

CVE-2021-22117 HIGH
7.8 May 18

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing

CVE-2026-57220 HIGH
7.5 Jul 10

Memory-exhaustion denial of service in RabbitMQ server prior to 4.2.6 allows an unauthenticated remote client to crash o

CVE-2026-57214 HIGH
7.1 Jul 10

Stored cross-site scripting in the RabbitMQ management UI (versions prior to 4.2.5) lets a user holding queue/exchange d

CVE-2026-57212 HIGH
7.1 Jul 10

Uncontrolled resource consumption in the RabbitMQ Management plugin's HTTP API lets an authenticated client crash or deg

CVE-2026-57215 HIGH
7.0 Jul 10

Improper authorization in RabbitMQ broker (versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) allows an authenticated

CVE-2026-57216 CRITICAL
10.0 Jul 10

Authentication bypass in RabbitMQ (broker versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) lets a loopback-restrict

CVE-2026-57211 CRITICAL
10.0 Jul 10

Server-side request forgery and NTLM credential exposure in the RabbitMQ management plugin (versions 4.1.0 to before 4.1

Share

EUVD-2026-43024 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy