CVE-2026-44393

HIGH 7.4

CVSS Score

7.4

EPSS Score

0.0%

EPSS Percentile

0th

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the expected broker hostname into the underlying TLS stack. Any certificate signed by the deployment CA is accepted regardless of hostname, allowing an attacker who can intercept control-plane traffic to impersonate the RabbitMQ broker and perform a man-in-the-middle attack on RPC and notification traffic. All OpenStack services using oslo.messaging with RabbitMQ over TLS are affected.

Vendor	n/a
Product	n/a
Published	Jun 4, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bugs.launchpad.net: https://bugs.launchpad.net/oslo.messaging/+bug/2150316 wiki.openstack.org: https://wiki.openstack.org/wiki/OSSN/OSSN-0096