RabbitMQ, a widely deployed open-source message broker for applications, was found to contain two vulnerabilities, one of which could have allowed for a complete takeover due to disclosure of OAuth client secrets to unauthenticated users, Miggo reported Monday. A second flaw could have allowed an authenticated user with no privileges to view the queues and exchanges of other users, potentially leaking private business activity of other tenants on shared hosts but not messages themselves, Miggo noted. The flaws were present since 2024 and were discovered by Miggo using its multi-agent autonomous security research system VulnHunter and validated by human reviewers.With more than 15 million RabbitMQ downloads per year and an estimated 8% of all containers worldwide running RabbitMQ, the vulnerabilities could potentially have a widespread impact.The most severe flaw, tracked as CVE-2026-57219, with a CVSS v4.0 score of 8.7, involved the unintentional inclusion of an obsolete endpoint, GET /api/auth, in RabbitMQ’s management web interface, which was found to disclose a server’s OAuth 2 configuration to any user who requested it without authentication, Miggo explained.The exposed configuration would include a secret, management.oauth_client_secret, which an attacker could then use to authenticate to the broker’s identity provider, receive an administrator token, and take over the broker, gaining control and access to all of its messages, queues, users and configurations.This flaw only affects RabbitMQ deployments that use OAuth 2 with management.oauth_client_secret configured and the management plugin enabled; deployments that don’t use OAuth 2 or don’t have a client secret configured are not affected, nor are deployments that have no management plugin, such as those monitoring only through Prometheus or Grafana. Miggo noted that a public client using PKCE, which is the management-UI configuration recommended by RabbitMQ, do not have a client secret to steal.CVE-2026-57219 is patched in versions 4.3.0, 4.2.6, 4.1.11, 4.0.20 and 3.13.15, which remove the /api/auth endpoint. Disabling the OAuth 2 plugin or management plugin, using a grant type without a client secret and cutting off access to the management interface on port 15672 will also mitigate the vulnerability for deployments that cannot be immediately patched.Importantly, affected deployments should have their OAuth client secret rotated, as patching the flaw does not revoke a secret that has already been leaked.The second flaw, tracked as CVE-2026-57221, with a CVSS v4.0 score of 5.3, involves a missing permissions check for two passive declaration paths: queue.declare and exchange.declare. Therefore, an authenticated user with no permissions could declare a queue or exchange with a known or guessed name and view metadata such as message counts and consumer counts if the queue or exchange exists on the host.This flaw could potentially leak private business information across tenants to perform reconnaissance and map queues across the virtual host. While key statistics could be leaked, such as the number of messages waiting or number of consumers attached, messages themselves could not be viewed or modified. This flaw would mainly affect deployments in multi-tenant environments that rely on RabbitMQ’s user permissions for separation, Miggo noted.Updating to versions 4.3.0, 4.2.6, 4.1.11, 4.0.20 and 3.13.15 also resolve CVE-2026-57221 in addition to CVE-2026-57219. Separating tenants into different virtual hosts is the only potential mitigation if patching is not available.The researchers note that frozen images such as pinned container images, Helm charts and RabbitMQ embedded in other products should also be updated to apply fixes. The value of autonomous vulnerability discovery using AI agents was also highlighted.“[These flaws] are precisely the kind of quiet, systemic inconsistency that hides in mature, widely deployed software: the kind a human reviewer reads past, and a single-pass tool fails to compare against everything around it,” Miggo concluded.
Application security

RabbitMQ fixes flaw that allowed broker takeover via OAuth secret disclosure

(Credit: Postmodern Studio – stock.adobe.com)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



