Topic Authorization Vulnerability in RabbitMQ by Pivotal Software
CVE-2026-57217
7HIGH
What is CVE-2026-57217?
The RabbitMQ messaging broker has a security vulnerability related to topic authorization that affects several versions. When there are metadata-store failures, topic-permission lookup errors can default to an undefined state. This misconfiguration can allow restricted topic writes and binds, leading to unauthorized access. The issue has been resolved in versions 3.13.15, 4.0.21, 4.1.11, and 4.2.6, ensuring that administrative controls remain intact during metadata errors. Users are strongly encouraged to upgrade to the latest versions to mitigate potential security risks.
Affected Version(s)
rabbitmq-server >= 4.2.0, < 4.2.6 < 4.2.0, 4.2.6
rabbitmq-server >= 4.1.0, < 4.1.11 < 4.1.0, 4.1.11
rabbitmq-server >= 4.0.0, < 4.0.21 < 4.0.0, 4.0.21
