CVE-2026-57216
RabbitMQ
CVSS Details
Description
RabbitMQ AMQP 0-9-1 (and AMQP 1.0 / Stream Protocol) authentication allows a loopback-restricted user to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend listener is loopback-bound. The loopback check is performed on the accepted socket and resolves loopback using the listener-side address (sockname) instead of the real client source. A remote actor who can reach a trusted PROXY-protocol frontend and provide valid loopback-restricted credentials can obtain a live session as that user, and in deployments where guest keeps default admin privileges this can escalate to full broker control. This issue affects RabbitMQ from 4.2.0 before 4.2.6, 4.1.0 before 4.1.11, 4.0.0 before 4.0.20, and 3.13.0 before 3.13.15. Reported by Cantina.