Vulnerability in RabbitMQ Management Plugin Allows Misconfigured Path Handling
CVE-2026-57211
6.5MEDIUM
What is CVE-2026-57211?
The RabbitMQ Management Plugin, used in messaging and streaming, has a vulnerability that affects versions prior to 4.1.11 and 4.2.6 on Windows. The static file handler, rabbit_mgmt_wm_static, improperly processes URL-encoded backslashes leading to potential outbound DNS and SMB requests directed to attacker-controlled UNC paths. This flaw arises when multiple management extension plugins are enabled, allowing attackers to exploit the path validation bypass. Users are strongly advised to upgrade to the latest versions to mitigate security risks and ensure robust operations.
Affected Version(s)
rabbitmq-server >= 4.2.0, < 4.2.6 < 4.2.0, 4.2.6
rabbitmq-server >= 4.1.0, < 4.1.11 < 4.1.0, 4.1.11
