The Hacker News ·EN News source PoC publicRabbitMQ
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata
CVE Tools coverage
Researchers have revealed two critical access control flaws in RabbitMQ that could allow attackers to steal OAuth client secrets and bypass tenant isolation. The vulnerabilities, tracked as CVE-2026-57219 and CVE-2026-57221, were present since early 2024 and affect multiple versions of the message broker. Attackers could exploit these issues to gain administrative control or access cross-tenant metadata without proper authorization. Patches are available in versions 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15.