CVE-2026-44838: CWE-863: Incorrect Authorization in rabbitmq rabbitmq-server
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to topics that include their client ID. However, the client_id is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. This vulnerability is fixed in 4.2.4 and 4.3.0.
AI Analysis
Technical Summary
RabbitMQ's MQTT plugin implements topic-level authorization by constructing regex patterns that include the client_id variable supplied by the user in the MQTT CONNECT packet. From versions 4.2.0 to before 4.2.4, the client_id is not properly escaped when inserted into the regex pattern, enabling an authenticated user to inject regex operators. This injection can circumvent intended authorization restrictions on MQTT topics. The vulnerability corresponds to CWE-863 (Incorrect Authorization). It was addressed by RabbitMQ in versions 4.2.4 and 4.3.0.
Potential Impact
An authenticated MQTT user can bypass topic-level authorization restrictions by injecting regex operators via the client_id field. This allows unauthorized access to MQTT topics that should be restricted, potentially exposing sensitive messaging data or enabling unauthorized message publication or subscription. The impact is limited to authenticated users and depends on the MQTT plugin's use of regex-based authorization with client_id substitution.
Mitigation Recommendations
A fix for this vulnerability is available in RabbitMQ versions 4.2.4 and 4.3.0. Users should upgrade affected RabbitMQ server instances to at least version 4.2.4 to remediate this issue. No vendor advisory content contradicts this; therefore, upgrading is the recommended mitigation.
CVE-2026-44838: CWE-863: Incorrect Authorization in rabbitmq rabbitmq-server
Description
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to topics that include their client ID. However, the client_id is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. This vulnerability is fixed in 4.2.4 and 4.3.0.
CVSS v4.0
Score 5.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
RabbitMQ's MQTT plugin implements topic-level authorization by constructing regex patterns that include the client_id variable supplied by the user in the MQTT CONNECT packet. From versions 4.2.0 to before 4.2.4, the client_id is not properly escaped when inserted into the regex pattern, enabling an authenticated user to inject regex operators. This injection can circumvent intended authorization restrictions on MQTT topics. The vulnerability corresponds to CWE-863 (Incorrect Authorization). It was addressed by RabbitMQ in versions 4.2.4 and 4.3.0.
Potential Impact
An authenticated MQTT user can bypass topic-level authorization restrictions by injecting regex operators via the client_id field. This allows unauthorized access to MQTT topics that should be restricted, potentially exposing sensitive messaging data or enabling unauthorized message publication or subscription. The impact is limited to authenticated users and depends on the MQTT plugin's use of regex-based authorization with client_id substitution.
Mitigation Recommendations
A fix for this vulnerability is available in RabbitMQ versions 4.2.4 and 4.3.0. Users should upgrade affected RabbitMQ server instances to at least version 4.2.4 to remediate this issue. No vendor advisory content contradicts this; therefore, upgrading is the recommended mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-07T21:21:48.352Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a170b58e29bf47b50c90700
Added to database: 5/27/2026, 3:18:48 PM
Last enriched: 5/27/2026, 4:18:40 PM
Last updated: 5/29/2026, 8:27:20 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.