Aug 4-6 · Las VegasCantina is at Black Hat USA · Booth 5200, AI ZoneBook a meeting
authentication-bypass-by-spoofing

CVE-2026-57216

RabbitMQ

Medium

CVSS Details

CVSS Score
6.8 MEDIUM
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Weakness
CWE-290 Authentication Bypass by Spoofing

Description

RabbitMQ AMQP 0-9-1 (and AMQP 1.0 / Stream Protocol) authentication allows a loopback-restricted user to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend listener is loopback-bound. The loopback check is performed on the accepted socket and resolves loopback using the listener-side address (sockname) instead of the real client source. A remote actor who can reach a trusted PROXY-protocol frontend and provide valid loopback-restricted credentials can obtain a live session as that user, and in deployments where guest keeps default admin privileges this can escalate to full broker control. This issue affects RabbitMQ from 4.2.0 before 4.2.6, 4.1.0 before 4.1.11, 4.0.0 before 4.0.20, and 3.13.0 before 3.13.15. Reported by Cantina.

Disclosure Date

Public Disclosure
June 24, 2026