Authentication Vulnerability in RabbitMQ Messaging Broker
CVE-2026-57220

7.5HIGH

Key Information:

Vendor

RabbitMQ

Vendor
CVE Published:
10 July 2026

What is CVE-2026-57220?

The RabbitMQ messaging broker has a vulnerability in its stream listener that fails to enforce the configured stream frame-size limit during authentication and before Tune negotiation. This flaw allows unauthenticated remote clients to declare oversized frame lengths, potentially leading to memory consumption in the broker's rabbit_stream_core component. The issue has been addressed in version 4.2.6, where necessary safeguards were introduced to mitigate the risks associated with excessive frame sizes.

Affected Version(s)

rabbitmq-server >= 4.2.0, < 4.2.6

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.