Topic Authorization Vulnerability in RabbitMQ by Pivotal Software
CVE-2026-57217

7HIGH

Key Information:

Vendor

RabbitMQ

Vendor
CVE Published:
10 July 2026

What is CVE-2026-57217?

The RabbitMQ messaging broker has a security vulnerability related to topic authorization that affects several versions. When there are metadata-store failures, topic-permission lookup errors can default to an undefined state. This misconfiguration can allow restricted topic writes and binds, leading to unauthorized access. The issue has been resolved in versions 3.13.15, 4.0.21, 4.1.11, and 4.2.6, ensuring that administrative controls remain intact during metadata errors. Users are strongly encouraged to upgrade to the latest versions to mitigate potential security risks.

Affected Version(s)

rabbitmq-server >= 4.2.0, < 4.2.6 < 4.2.0, 4.2.6

rabbitmq-server >= 4.1.0, < 4.1.11 < 4.1.0, 4.1.11

rabbitmq-server >= 4.0.0, < 4.0.21 < 4.0.0, 4.0.21

References

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.