CVE Tools
Back to feed
The Hacker News ·EN News source PoC publicRabbitMQ

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

By The Hacker News··2 min read
CVE Tools coverage

Researchers have revealed two critical access control flaws in RabbitMQ that could allow attackers to steal OAuth client secrets and bypass tenant isolation. The vulnerabilities, tracked as CVE-2026-57219 and CVE-2026-57221, were present since early 2024 and affect multiple versions of the message broker. Attackers could exploit these issues to gain administrative control or access cross-tenant metadata without proper authorization. Patches are available in versions 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15.