Product
RabbitMQ Topic Authorization Bypass via Cross-Tenant Routing-Key Vulnerability
1 CVECVE-2026-57217 details a vulnerability in RabbitMQ where topic authorization can be bypassed, leading to cross-tenant routing-key bypass, potentially allowing unauthorized access to or manipulation of routing keys in a multi-tenant environment.
RabbitMQ Unauthenticated OAuth Client Credential Disclosure via HTTP API (CVE-2026-57219)
1 TTP 1 CVECVE-2026-57219 describes an unauthenticated disclosure vulnerability in RabbitMQ, allowing an attacker to obtain OAuth client credentials via an HTTP API endpoint when RabbitMQ is configured with certain less common OAuth 2 configurations, potentially leading to unauthorized access to other systems or services.
CVE-2026-44839: RabbitMQ Management UI XSS via Unsanitized vhost Names
2 rules 1 TTP 1 CVECVE-2026-44839 is a cross-site scripting (XSS) vulnerability in the RabbitMQ management UI that arises from unsanitized virtual host (vhost) names, potentially allowing an attacker to execute arbitrary JavaScript in the context of a user's browser.