RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures because topic-permission lookup errors from Khepri can collapse to undefined, which the internal backend treats as allow. This issue is fixed in versions 3.13.15, 4.0.21, 4.1.11, and 4.2.6.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Rabbitmq
Rabbitmq rabbitmq-server |
|
| Vendors & Products |
Rabbitmq
Rabbitmq rabbitmq-server |
Fri, 10 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures because topic-permission lookup errors from Khepri can collapse to undefined, which the internal backend treats as allow. This issue is fixed in versions 3.13.15, 4.0.21, 4.1.11, and 4.2.6. | |
| Title | RabbitMQ: Topic authorization can lead to cross-tenant routing-key bypass | |
| Weaknesses | CWE-863 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-10T20:25:29.498Z
Reserved: 2026-06-24T02:21:33.810Z
Link: CVE-2026-57217
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-10T21:30:04Z