RabbitMQ Vulnerability Threatens Enterprise Systems

RabbitMQ Vulnerability Threatens Enterprise Systems
Miggo says a critical RabbitMQ flaw, CVE-2026-5721, could let attackers retrieve an exposed OAuth client secret from the management interface and impersonate the broker to an identity provider. A second issue, CVE-2026-57221, can let authenticated users enumerate queues and exchanges, increasing the risk of reconnaissance in shared or internet-exposed deployments. #RabbitMQ #CVE-2026-5721 #CVE-2026-57221 #OAuth #OIDC #Auth0 #AzureAD #EntraID #Keycloak #UAA

Keypoints

  • CVE-2026-5721 can expose RabbitMQ’s confidential OAuth secret without authentication.
  • The flaw affects an obsolete management endpoint in the RabbitMQ web interface.
  • An attacker could impersonate the broker and obtain an administrator token.
  • CVE-2026-57221 allows authenticated users to enumerate queues, exchanges, and statistics.
  • RabbitMQ has fixed the issues in versions 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15.

Read More: https://www.securityweek.com/rabbitmq-vulnerability-threatens-enterprise-systems/