Message Delivery Issue in RabbitMQ AMQP Broker
CVE-2026-57218

4.9MEDIUM

Key Information:

Vendor

RabbitMQ

Vendor
CVE Published:
10 July 2026

What is CVE-2026-57218?

RabbitMQ, a widely-used messaging and streaming broker, contains a vulnerability that permits existing consumers to continue receiving messages even after their OAuth tokens have expired or when scopes are reduced due to a connection.update_secret refresh. This occurs because the existing consumers are neither canceled nor reauthorized at the time of delivery, allowing unauthorized access to queued messages. This issue has been effectively addressed in version 4.2.6.

Affected Version(s)

rabbitmq-server >= 4.2.0, < 4.2.6

References

CVSS V4

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.