CVE Tools
Back to feed
SecurityWeek ·EN-US News sourceRabbitMQ

RabbitMQ Vulnerability Threatens Enterprise Systems

By Ionut Arghire··2 min read
CVE Tools coverage

A critical vulnerability in RabbitMQ, tracked as CVE-2026-5721 (CVSS 8.7), allows attackers to retrieve the broker's confidential OAuth secret without authentication through an outdated management endpoint. This flaw could enable adversaries to impersonate the broker and gain administrative access to systems using identity providers like Auth0, Azure AD, Keycloak, or UAA. The issue affects RabbitMQ versions starting from 3.13.0 and was fixed in 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15. Enterprises are urged to update immediately and secure their management interfaces to prevent potential breaches.