Skip to content
Threat Feed

Tag

Rabbitmq

5 briefs RSS
high advisory

RabbitMQ Management UI UNC SSRF Vulnerability (CVE-2026-57211) on Windows

CVE-2026-57211 details a Server-Side Request Forgery (SSRF) vulnerability within the RabbitMQ management UI when deployed on Windows, enabling an attacker to coerce the server into making requests to arbitrary UNC paths, potentially leading to NTLM credential disclosure or internal network reconnaissance.

RabbitMQ management UI vulnerability ssrf rabbitmq windows msrc
1c
low advisory

RabbitMQ Topic Authorization Bypass via Cross-Tenant Routing-Key Vulnerability

CVE-2026-57217 details a vulnerability in RabbitMQ where topic authorization can be bypassed, leading to cross-tenant routing-key bypass, potentially allowing unauthorized access to or manipulation of routing keys in a multi-tenant environment.

RabbitMQ vulnerability authorization-bypass
1c
low advisory

RabbitMQ Stream Listener Vulnerability CVE-2026-57220 Allows Unauthenticated Memory Exhaustion DoS

A denial-of-service vulnerability, CVE-2026-57220, exists in the RabbitMQ stream listener that allows an unauthenticated attacker to exhaust memory resources by not properly enforcing frame-size limits during authentication, leading to service disruption.

RabbitMQ Stream listener denial-of-service vulnerability rabbitmq
1t 1c
high advisory

RabbitMQ Unauthenticated OAuth Client Credential Disclosure via HTTP API (CVE-2026-57219)

CVE-2026-57219 describes an unauthenticated disclosure vulnerability in RabbitMQ, allowing an attacker to obtain OAuth client credentials via an HTTP API endpoint when RabbitMQ is configured with certain less common OAuth 2 configurations, potentially leading to unauthorized access to other systems or services.

RabbitMQ vulnerability credential-access broadcom
1t 1c
medium threat

CVE-2026-44839: RabbitMQ Management UI XSS via Unsanitized vhost Names

CVE-2026-44839 is a cross-site scripting (XSS) vulnerability in the RabbitMQ management UI that arises from unsanitized virtual host (vhost) names, potentially allowing an attacker to execute arbitrary JavaScript in the context of a user's browser.

RabbitMQ xss cve-2026-44839 web-application
2r 1t 1c