Threat Advisory

RabbitMQ Flaw Lets Attackers Obtain OAuth Client Secret

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in RabbitMQ, a popular open source message broker used for routing, buffering, and distributing messages between applications. The overall risk/impact is significant, as an attacker could obtain sensitive information and gain control of users, messages, queues, and broker settings. Affected versions range from 3.13.0 to 4.2.5.

CVE-2026-5721 (CVSS 8.7 — High): The vulnerability impacts an open management endpoint that returns the OAuth secret to anyone without authentication. An attacker could obtain the administrator token, allowing them to impersonate the broker and gain control of users, messages, queues, and broker settings.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in RabbitMQ, a popular open source message broker used for routing, buffering, and distributing messages between applications. The overall risk/impact is significant, as an attacker could obtain sensitive information and gain control of users, messages, queues, and broker settings. Affected versions range from 3.13.0 to 4.2.5.

CVE-2026-5721 (CVSS 8.7 — High): The vulnerability impacts an open management endpoint that returns the OAuth secret to anyone without authentication. An attacker could obtain the administrator token, allowing them to impersonate the broker and gain control of users, messages, queues, and broker settings.[emaillocker id="1283"]

CVE-2026-57221 (CVSS 5.3 — Medium): A missing authorization flaw allows any authenticated user to enumerate queues and exchanges, as well as read their statistics. These vulnerabilities collectively present a significant threat to enterprises using RabbitMQ, particularly those with exposed management ports or multi-tenant setups. Administrators should review exposure and apply the latest updates. These vulnerabilities collectively present a significant threat to enterprises using RabbitMQ, particularly those with exposed management ports or multi-tenant setups.

These vulnerabilities collectively present a significant threat to enterprises using RabbitMQ, particularly those with exposed management ports or multi-tenant setups.

RECOMMENDATION:

We recommend you to update RabbitMQ to version 3.13.0.

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu