Lucene search
K

1280 matches found

NVD
NVD
added 4 days ago24 views

CVE-2026-57219

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the obsolete GET /api/auth endpoint can disclose the OAuth 2 client secret on RabbitMQ installations configured with management.oauthclientsecret, exposing credentials to unauthenticated callers when the...

8.7CVSS0.0033EPSS
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-57221

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...

5.3CVSS0.00269EPSS
Exploits1References6
NVD
NVD
added 4 days ago4 views

CVE-2026-57220

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS0.00429EPSS
Exploits1References6
NVD
NVD
added 4 days ago4 views

CVE-2026-57211

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

10CVSS0.00278EPSS
Exploits1References5
NVD
NVD
added 4 days ago4 views

CVE-2026-57214

RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allowing a user with permission to declare a queue or exchange...

7.1CVSS0.00304EPSS
Exploits0References6
NVD
NVD
added 4 days ago4 views

CVE-2026-57217

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures because topic-permission lookup errors from Khepri can collapse to undefined, which the internal backe...

7CVSS0.00269EPSS
Exploits1References6
NVD
NVD
added 4 days ago4 views

CVE-2026-57212

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...

7.7CVSS0.00293EPSS
Exploits1References6
NVD
NVD
added 4 days ago7 views

CVE-2026-57215

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...

8.8CVSS0.00245EPSS
Exploits1References6
NVD
NVD
added 4 days ago4 views

CVE-2026-57216

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

10CVSS0.00341EPSS
Exploits1References6
NVD
NVD
added 4 days ago4 views

CVE-2026-57218

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

6.5CVSS0.00269EPSS
Exploits1References6
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-57217 RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures because topic-permission lookup errors from Khepri can collapse to undefined, which the internal backe...

7CVSS0.00269EPSS
Exploits1References6
CVE
CVE
added 4 days ago13 views

CVE-2026-57217

RabbitMQ topic authorization vulnerability (CVE-2026-57217) affects multiple release lines. Before versions 3.13.15, 4.0.21, 4.1.11, and 4.2.6, topic-permission lookup errors during metadata-store failures from Khepri can collapse to undefined, which the internal backend may treat as allow, poten...

7CVSS6.1AI score0.00269EPSS
Exploits1References6Affected Software1
OSV
OSV
added 4 days ago2 views

CVE-2026-57217 RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures because topic-permission lookup errors from Khepri can collapse to undefined, which the internal backe...

7CVSS6.1AI score0.00269EPSS
Exploits1References8
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-57221 RabbitMQ: Passive queue/exchange declaration bypasses authorization checks, leaking queue metadata to unprivileged users

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...

5.3CVSS0.00269EPSS
Exploits1References6
CVE
CVE
added 4 days ago50 views

CVE-2026-57221

RabbitMQ vulnerability CVE-2026-57221 affects passive queue.declare and exchange.declare operations in AMQP 0-9-1. Prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6, authenticated users who can connect to a virtual host could enumerate queue and exchange names and read queue message and consum...

5.3CVSS6.1AI score0.00269EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-57215 RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...

7CVSS0.00245EPSS
Exploits1References6
OSV
OSV
added 4 days ago1 views

CVE-2026-57215 RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...

7CVSS6.1AI score0.00245EPSS
Exploits1References8
CVE
CVE
added 4 days ago11 views

CVE-2026-57215

RabbitMQ vulnerability CVE-2026-57215 affects the broker’s binding logic for amq.rabbitmq.reply-to destinations. Before fixes, volatile direct-reply-to queues could be bound and routed even if not properly checked by Khepri-backed deletion checks, leaving persistent route entries after unbind. Af...

8.8CVSS6.1AI score0.00245EPSS
Exploits1References6Affected Software1
CVE
CVE
added 4 days ago57 views

CVE-2026-57219

RabbitMQ suffers an unauthenticated disclosure vulnerability in the management API: the obsolete GET /api/auth endpoint can reveal the OAuth 2 client secret on installations configured with management.oauth_client_secret prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The issue arises when ...

8.7CVSS6.1AI score0.0033EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-57218 RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-revocation message disclosure

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

4.9CVSS0.00269EPSS
Exploits1References6
Rows per page
Query Builder