CVE-2026-57218: CWE-863: Incorrect Authorization in rabbitmq rabbitmq-server
CVE-2026-57218 is an authorization vulnerability in RabbitMQ server versions prior to 4.2.6. It allows an existing consumer to continue receiving messages even after the OAuth token expires or its permissions are reduced via connection.update_secret refresh. This occurs because consumers are not canceled or reauthorized at delivery time after the channel user state changes. The issue is fixed in RabbitMQ version 4.2.6.
AI Analysis
Technical Summary
RabbitMQ AMQP 0-9-1 prior to version 4.2.6 contains an incorrect authorization vulnerability (CWE-863) where consumers remain active and continue receiving messages despite OAuth token expiry or scope reduction through connection.update_secret refresh. This happens because the server does not cancel or reauthorize existing consumers at message delivery time after user state changes on the channel. This flaw could allow consumers to receive messages beyond their authorized scope until the channel is closed or the consumer is explicitly canceled. The vulnerability is resolved in RabbitMQ version 4.2.6.
Potential Impact
An attacker or legitimate consumer with a previously valid OAuth token can continue to receive messages after the token expires or its permissions are reduced, potentially leading to unauthorized message consumption. This could result in unauthorized access to sensitive message data until the consumer is canceled or the channel is closed. The CVSS score of 4.9 (medium severity) reflects the moderate risk due to the need for an existing consumer and limited scope of impact.
Mitigation Recommendations
Upgrade RabbitMQ server to version 4.2.6 or later, where this authorization issue is fixed. There is no indication of alternative mitigations or temporary workarounds. Patch status is not explicitly stated but the vendor fix is confirmed in version 4.2.6.
CVE-2026-57218: CWE-863: Incorrect Authorization in rabbitmq rabbitmq-server
Description
CVE-2026-57218 is an authorization vulnerability in RabbitMQ server versions prior to 4.2.6. It allows an existing consumer to continue receiving messages even after the OAuth token expires or its permissions are reduced via connection.update_secret refresh. This occurs because consumers are not canceled or reauthorized at delivery time after the channel user state changes. The issue is fixed in RabbitMQ version 4.2.6.
CVSS v4.0
Score 4.9medium
Affected software
pkg:github/rabbitmq/rabbitmq-serverRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
RabbitMQ AMQP 0-9-1 prior to version 4.2.6 contains an incorrect authorization vulnerability (CWE-863) where consumers remain active and continue receiving messages despite OAuth token expiry or scope reduction through connection.update_secret refresh. This happens because the server does not cancel or reauthorize existing consumers at message delivery time after user state changes on the channel. This flaw could allow consumers to receive messages beyond their authorized scope until the channel is closed or the consumer is explicitly canceled. The vulnerability is resolved in RabbitMQ version 4.2.6.
Potential Impact
An attacker or legitimate consumer with a previously valid OAuth token can continue to receive messages after the token expires or its permissions are reduced, potentially leading to unauthorized message consumption. This could result in unauthorized access to sensitive message data until the consumer is canceled or the channel is closed. The CVSS score of 4.9 (medium severity) reflects the moderate risk due to the need for an existing consumer and limited scope of impact.
Mitigation Recommendations
Upgrade RabbitMQ server to version 4.2.6 or later, where this authorization issue is fixed. There is no indication of alternative mitigations or temporary workarounds. Patch status is not explicitly stated but the vendor fix is confirmed in version 4.2.6.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-24T02:21:33.810Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a515a8b68715ace432d831a
Added to database: 07/10/2026, 20:48:11 UTC
Last enriched: 07/10/2026, 21:03:24 UTC
Last updated: 07/10/2026, 21:27:21 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.