๐Ÿ” CVE Alert

CVE-2026-57218

UNKNOWN 0.0

RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-revocation message disclosure

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
19th

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.update_secret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after the channel user state changes. This issue is fixed in version 4.2.6.

CWE CWE-863
Vendor rabbitmq
Product rabbitmq-server
Published Jul 10, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for rabbitmq rabbitmq-server

Be the first to know when new unknown vulnerabilities affecting rabbitmq rabbitmq-server are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

rabbitmq / rabbitmq-server
>= 4.2.0, < 4.2.6

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-wmrr-4h5v-5ch7 github.com: https://github.com/rabbitmq/rabbitmq-server/pull/16092 github.com: https://github.com/rabbitmq/rabbitmq-server/pull/16097 github.com: https://github.com/rabbitmq/rabbitmq-server/commit/501ad947cd6bbcc9486fe96e0d073992bfe52cc4 github.com: https://github.com/rabbitmq/rabbitmq-server/commit/db20d6c0fcf3056030f244b5adab0d45c0db0c9e github.com: https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6