Tag
RabbitMQ Management UI UNC SSRF Vulnerability (CVE-2026-57211) on Windows
1 CVECVE-2026-57211 details a Server-Side Request Forgery (SSRF) vulnerability within the RabbitMQ management UI when deployed on Windows, enabling an attacker to coerce the server into making requests to arbitrary UNC paths, potentially leading to NTLM credential disclosure or internal network reconnaissance.
RabbitMQ Topic Authorization Bypass via Cross-Tenant Routing-Key Vulnerability
1 CVECVE-2026-57217 details a vulnerability in RabbitMQ where topic authorization can be bypassed, leading to cross-tenant routing-key bypass, potentially allowing unauthorized access to or manipulation of routing keys in a multi-tenant environment.
RabbitMQ Stream Listener Vulnerability CVE-2026-57220 Allows Unauthenticated Memory Exhaustion DoS
1 TTP 1 CVEA denial-of-service vulnerability, CVE-2026-57220, exists in the RabbitMQ stream listener that allows an unauthenticated attacker to exhaust memory resources by not properly enforcing frame-size limits during authentication, leading to service disruption.
RabbitMQ Unauthenticated OAuth Client Credential Disclosure via HTTP API (CVE-2026-57219)
1 TTP 1 CVECVE-2026-57219 describes an unauthenticated disclosure vulnerability in RabbitMQ, allowing an attacker to obtain OAuth client credentials via an HTTP API endpoint when RabbitMQ is configured with certain less common OAuth 2 configurations, potentially leading to unauthorized access to other systems or services.
CVE-2026-44839: RabbitMQ Management UI XSS via Unsanitized vhost Names
2 rules 1 TTP 1 CVECVE-2026-44839 is a cross-site scripting (XSS) vulnerability in the RabbitMQ management UI that arises from unsanitized virtual host (vhost) names, potentially allowing an attacker to execute arbitrary JavaScript in the context of a user's browser.