Cloud & DevOpsSecurity

RabbitMQ CVE-2026-57219: OAuth Secret Leak — Patch Now

RabbitMQ CVE-2026-57219 padlock illustration showing OAuth client secret leak vulnerability

Miggo Security has disclosed two vulnerabilities in RabbitMQ that allow attackers to compromise message brokers without valid credentials. The primary flaw — CVE-2026-57219 (CVSS 8.7) — is a hard-coded authorization bypass on an obsolete HTTP endpoint that returns the broker’s OAuth client secret in plaintext, no authentication required. An attacker with that secret can impersonate the broker to your identity provider and obtain an admin token granting full control over every message, queue, user, and setting. Both bugs have been sitting in RabbitMQ since version 3.13.0, released in early 2024.

How CVE-2026-57219 Works

The vulnerability lives in the management plugin’s HTTP API: GET /api/auth on port 15672. Every other sensitive endpoint in the management API has a proper authorization check. This one was hard-coded to allow every request — likely a leftover from a bootstrap flow that was never cleaned up. If your RabbitMQ deployment uses OAuth 2 in confidential client mode (meaning you have management.oauth_client_secret configured) and has the management plugin enabled, that endpoint hands out your OAuth client secret to anyone who can reach it.

What happens next depends on your identity provider, but for the most common enterprise configurations — Microsoft Entra ID, Auth0, Keycloak, UAA — an attacker can exchange that secret for an administrator token. From there, they have complete broker control: create and delete queues, inject arbitrary messages, add or revoke users, and reconfigure everything. No login. No brute force. One HTTP request to a forgotten endpoint.

Deployments using a public client with PKCE — the configuration RabbitMQ itself recommends for the management UI — are not affected. There is no client secret stored, so there is nothing to leak. If this CVE affects you, it also means you are running a configuration that RabbitMQ’s own documentation steers away from.

Patching Is Necessary, Not Sufficient

The fix removes the /api/auth endpoint entirely; OAuth bootstrap now happens through an authenticated mechanism that does not expose the secret over HTTP. Updating resolves the vulnerability going forward. But there is a catch: patching does not revoke a client secret that has already been leaked.

If your management port was ever reachable from an untrusted network since you upgraded to RabbitMQ 3.13.0 or later, treat the OAuth client secret as compromised. Rotate it — in your identity provider, in your RabbitMQ configuration, and in whatever secret management system you use (HashiCorp Vault, Kubernetes Secrets, AWS Secrets Manager). The patch stops the leak; credential rotation limits the blast radius of anything that already walked out the door.

CVE-2026-57221: Queue Metadata Leak

The second flaw, CVE-2026-57221 (CVSS 5.3), is lower severity but worth understanding in multi-tenant environments. RabbitMQ’s passive declare operation — a standard AMQP mechanism for checking whether a queue or exchange exists — skipped its permission check entirely. Any authenticated user connected to a virtual host could enumerate all queue and exchange names on that host, along with message counts and consumer counts, regardless of what permissions they actually held.

Message contents are not exposed. But in shared environments where multiple applications or teams share a virtual host, this lets an attacker map the entire workload: application names, queue depths, consumer activity. It is exactly the reconnaissance you would run before a more targeted attack. Both CVEs are addressed in the same patched releases.

Patched Versions

Update to one of the following releases, which remove the vulnerable endpoint and add the missing permission check:

  • 4.3.x — 4.3.0 or later
  • 4.2.x — 4.2.6 or later
  • 4.1.x — 4.1.11 or later
  • 4.0.x — 4.0.20 or later
  • 3.13.x — 3.13.15 or later

Full release information is available at rabbitmq.com/release-information. If you use a managed RabbitMQ service — CloudAMQP, Amazon MQ for RabbitMQ — check with your provider on patch status.

What to Do Right Now

  1. Patch. Update to a patched version for your release line. This is the non-negotiable first step.
  2. Rotate credentials. If the management port was reachable from an untrusted network at any point since you installed RabbitMQ 3.13.0, rotate the OAuth client secret. Do not skip this step.
  3. If you cannot patch immediately: block access to GET /api/auth at your WAF or load balancer, or temporarily disable the management plugin or OAuth2 plugin until a maintenance window is available.
  4. Audit your network exposure. Verify whether port 15672 was ever reachable from untrusted networks. Check firewall rules, cloud security groups, and load balancer configs.
  5. Multi-tenant deployments: for CVE-2026-57221, review your virtual host isolation strategy. Separate vhosts per tenant eliminates the metadata leak risk.
  6. Migrate to PKCE. Long-term, move to a public client with PKCE for the management UI. RabbitMQ recommends it, and it eliminates this entire class of credential-theft vulnerability.

Miggo’s research team found no evidence of exploitation before disclosure. That window tends to close quickly once CVEs go public. RabbitMQ runs in roughly 8% of all containers globally — patch this one before someone else’s scan finds your management port.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.

    You may also like

    Leave a reply

    Your email address will not be published. Required fields are marked *