Aug 4-6 · Las VegasCantina is at Black Hat USA · Booth 5200, AI ZoneBook a meeting
improper-handling-of-exceptional-conditions

CVE-2026-57217

RabbitMQ

High

CVSS Details

CVSS Score
7.0 HIGH
Vector String
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Weakness
CWE-755 Improper Handling of Exceptional Conditions

Description

RabbitMQ topic authorization allows restricted topic operations during metadata-store failures due to error collapsing in topic-permission lookup handling. The internal backend fetches topic permissions and treats undefined as allow, while the database helper returns undefined for any non-{ok, TopicPermission} Khepri response, including timeout/error paths. This turns transient Khepri lookup faults into authorization success for topic writes/binds that should remain denied. An authenticated low-privileged tenant can publish or bind to routing keys outside its configured topic regex during Khepri lookup failures, enabling unauthorized cross-tenant message routing in shared topic exchanges. This issue affects RabbitMQ from 4.2.0 before 4.2.6, 4.1.0 before 4.1.11, 4.0.0 before 4.0.21, and 3.13.0 before 3.13.15. Reported by Cantina.

Disclosure Date

Public Disclosure
June 24, 2026