SecurityWeek ·EN-US News sourceRabbitMQ
RabbitMQ Vulnerability Threatens Enterprise Systems
CVE Tools coverage
A critical vulnerability in RabbitMQ, tracked as CVE-2026-5721 (CVSS 8.7), allows attackers to retrieve the broker's confidential OAuth secret without authentication through an outdated management endpoint. This flaw could enable adversaries to impersonate the broker and gain administrative access to systems using identity providers like Auth0, Azure AD, Keycloak, or UAA. The issue affects RabbitMQ versions starting from 3.13.0 and was fixed in 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15. Enterprises are urged to update immediately and secure their management interfaces to prevent potential breaches.