CVE-2026-25767 LavinMQ has incomplete shovel configuration validation

LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user, with the “Policymaker” tag, could create shovels bypassing access controls. an authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not...

CVE-2026-25767 LavinMQ has incomplete shovel configuration validation

LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user, with the “Policymaker” tag, could create shovels bypassing access controls. an authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not...

CVE-2026-25767

Technical details beyond what is in the Initial Description are not provided in the supplied documents. Monitor for updates for affected versions, impact, and remediation.

CVE-2026-25767

LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user, with the “Policymaker” tag, could create shovels bypassing access controls. an authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not...

CVE-2026-25767 LavinMQ has incomplete shovel configuration validation

LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user, with the “Policymaker” tag, could create shovels bypassing access controls. an authenticated user with the "Policymaker" management tag could exploit it to read messages from vhosts they are not...

lavinmq 安全漏洞

LavinMQ is an open-source message queue and streaming media server developed by CloudAMQP. Prior to LavinMQ 2.6.8, there were security vulnerabilities. These vulnerabilities stemmed from the ability of authenticated users with the Policymaker tag to bypass access controls, allowing them to create...

SUSE CVE-2019-11291

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

SUSE CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

CVE-2022-31008

A flaw was found in RabbitMQ. The shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. In certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable dat...

Information Disclosure

rabbitmq-server is vulnerable to Information Disclosure. The vulnerability is due to a lack of validated encryption keys in shovel and federation plugins which allows attackers to obtain sensitive information...

Code injection

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

DEBIAN-CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

UBUNTU-CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

CVE-2022-31008 Predictable credential obfuscation seed value used in rabbitmq-server

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

CVE-2022-31008 Predictable credential obfuscation seed value used in rabbitmq-server

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker link state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions...

RabbitMQ 安全特征问题漏洞

RabbitMQ is a feature-rich multi-protocol messaging and streaming agent open-sourced by RabbitMQ. RabbitMQ has a security vulnerability that stems from its shovel and federation plugins performing URI obfuscation in its worker link state. The encryption key used to encrypt the URI carries...

GHSA-9PF7-F47Q-MWPQ Cross-site Scripting in RabbitMQ

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...