Critical RabbitMQ Vulnerability (CVE-2026-5721) Exposes OAuth Client Secrets
A newly disclosed vulnerability in RabbitMQ, tracked as CVE-2026-5721, allows unauthenticated attackers to extract a broker’s confidential OAuth client secret, potentially enabling full administrative control over messaging infrastructure. The flaw, rated 8.7 (High) on the CVSS scale, stems from an exposed management endpoint in RabbitMQ’s web interface that returns the secret without authentication.
The issue affects RabbitMQ versions 3.13.0 and later, introduced in early 2024, and is particularly dangerous in deployments using OAuth 2.0 or OpenID Connect (e.g., Auth0, Azure AD/Entra ID, Keycloak, or UAA). Exploitation could grant attackers admin-level access, allowing them to manipulate users, queues, messages, and broker configurations. Systems without a configured client secret or those not using the management plugin are unaffected.
Security firm Miggo highlighted that the risk is highest when the management interface is exposed to untrusted networks, such as cloud or multi-tenant environments. Patches have been released in RabbitMQ versions 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15.
The updates also address CVE-2026-57221 (CVSS 5.3), a medium-severity flaw allowing authenticated users to enumerate queues and exchanges, potentially aiding reconnaissance for future attacks especially in shared virtual host environments.
While no active exploitation has been observed, Miggo noted that both vulnerabilities stem from long-standing code inconsistencies, underscoring risks in widely deployed software. Organizations are urged to patch affected systems and restrict management interface access.
Source: https://thecyberexpress.com/cve-2026-5721-rabbitmq-vulnerability/
RabbitMQ cybersecurity rating report: https://www.rankiteo.com/company/rabbitmq
Microsoft Security cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security
Auth0 cybersecurity rating report: https://www.rankiteo.com/company/auth0
"id": "RABMICAUT1784010304",
"linkid": "rabbitmq, microsoft-security, auth0",
"type": "Vulnerability",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Messaging/Queue Management',
'type': 'Software/Technology'}],
'attack_vector': 'Exposed management endpoint (unauthenticated access)',
'data_breach': {'sensitivity_of_data': 'High (confidential credentials '
'enabling administrative access)',
'type_of_data_compromised': 'OAuth client secrets'},
'description': 'A newly disclosed vulnerability in RabbitMQ, tracked as '
'CVE-2026-5721, allows unauthenticated attackers to extract a '
'broker’s confidential OAuth client secret, potentially '
'enabling full administrative control over messaging '
'infrastructure. The flaw stems from an exposed management '
'endpoint in RabbitMQ’s web interface that returns the secret '
'without authentication. The issue affects RabbitMQ versions '
'3.13.0 and later, introduced in early 2024, and is '
'particularly dangerous in deployments using OAuth 2.0 or '
'OpenID Connect. Exploitation could grant attackers '
'admin-level access to manipulate users, queues, messages, and '
'broker configurations. Patches have been released in RabbitMQ '
'versions 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15. The '
'updates also address CVE-2026-57221 (CVSS 5.3), a '
'medium-severity flaw allowing authenticated users to '
'enumerate queues and exchanges.',
'impact': {'data_compromised': 'OAuth client secrets, administrative access '
'to messaging infrastructure',
'operational_impact': 'Potential full administrative control over '
'messaging infrastructure, manipulation of '
'users/queues/messages/broker configurations',
'systems_affected': 'RabbitMQ deployments using OAuth 2.0/OpenID '
'Connect with exposed management interface'},
'lessons_learned': 'Risks in widely deployed software due to long-standing '
'code inconsistencies; importance of restricting '
'management interface access and timely patching.',
'post_incident_analysis': {'corrective_actions': 'Patching, access '
'restrictions, enhanced '
'monitoring',
'root_causes': 'Exposed management endpoint '
'returning OAuth client secrets '
'without authentication; '
'long-standing code '
'inconsistencies'},
'recommendations': 'Patch affected RabbitMQ systems immediately; restrict '
'access to the management interface; monitor for '
'unauthorized access or configuration changes.',
'references': [{'source': 'Miggo'}],
'response': {'containment_measures': 'Patching affected systems, restricting '
'management interface access',
'remediation_measures': 'Apply patches (RabbitMQ versions 4.3.0, '
'4.2.6, 4.1.11, 4.0.20, 3.13.15)',
'third_party_assistance': 'Miggo (security firm)'},
'title': 'Critical RabbitMQ Vulnerability (CVE-2026-5721) Exposes OAuth '
'Client Secrets',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': ['CVE-2026-5721', 'CVE-2026-57221']}