Authentication Vulnerability in RabbitMQ Messaging Broker
CVE-2026-57220
7.5HIGH
What is CVE-2026-57220?
The RabbitMQ messaging broker has a vulnerability in its stream listener that fails to enforce the configured stream frame-size limit during authentication and before Tune negotiation. This flaw allows unauthenticated remote clients to declare oversized frame lengths, potentially leading to memory consumption in the broker's rabbit_stream_core component. The issue has been addressed in version 4.2.6, where necessary safeguards were introduced to mitigate the risks associated with excessive frame sizes.
Affected Version(s)
rabbitmq-server >= 4.2.0, < 4.2.6
