CVE-2026-57217
RabbitMQ
CVSS Details
Description
RabbitMQ topic authorization allows restricted topic operations during metadata-store failures due to error collapsing in topic-permission lookup handling. The internal backend fetches topic permissions and treats undefined as allow, while the database helper returns undefined for any non-{ok, TopicPermission} Khepri response, including timeout/error paths. This turns transient Khepri lookup faults into authorization success for topic writes/binds that should remain denied. An authenticated low-privileged tenant can publish or bind to routing keys outside its configured topic regex during Khepri lookup failures, enabling unauthorized cross-tenant message routing in shared topic exchanges. This issue affects RabbitMQ from 4.2.0 before 4.2.6, 4.1.0 before 4.1.11, 4.0.0 before 4.0.21, and 3.13.0 before 3.13.15. Reported by Cantina.