In Spring AMQP, sequential correlation IDs enable reply poisoning on fixed reply queues
CVE-2026-41701

4.4 MEDIUM

Key Information:

Vendor: Spring
CVE Published: 9 June 2026

What is CVE-2026-41701?

Correlation IDs for replies in RabbitTemplate.sendAndReceive() with a fixed reply queue are predictable because they are generated by a simple internal counter.

Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.

Affected Version(s)

Spring AMQP 4.0.0 < 4.0.4

Spring AMQP 3.2.0 < 3.2.11

Spring AMQP 3.1.0 < 3.1.16

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
