CVE-2026-57213
RabbitMQ’s rabbitmq_federation_management plugin is vulnerable to stored XSS on the Federation Status page because consumer_tag is rendered without HTML escaping. Prior to the fixed releases (3.13.14, 4.0.19, 4.1.10, 4.2.5), a user who can configure a federation upstream or policy could inject co...