Message Delivery Issue in RabbitMQ AMQP Broker
CVE-2026-57218
4.9MEDIUM
What is CVE-2026-57218?
RabbitMQ, a widely-used messaging and streaming broker, contains a vulnerability that permits existing consumers to continue receiving messages even after their OAuth tokens have expired or when scopes are reduced due to a connection.update_secret refresh. This occurs because the existing consumers are neither canceled nor reauthorized at the time of delivery, allowing unauthorized access to queued messages. This issue has been effectively addressed in version 4.2.6.
Affected Version(s)
rabbitmq-server >= 4.2.0, < 4.2.6
