Information disclosure in RabbitMQ Server - CVE-2026-57219
Published: June 25, 2026 / Updated: June 25, 2026
RabbitMQ Server
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the HTTP API endpoint GET /api/auth exposes sensitive information when handling unauthenticated requests on affected OAuth 2 configurations. A remote attacker can send a request to the endpoint to obtain that information.
Only installations with the management plugin enabled and OAuth 2 configured to use the management.oauth_client_secret setting are vulnerable.
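To check whether a node meets both preconditions above, the following added example (not code from the RabbitMQ project or from this advisory) audits a node's enabled plugins and rabbitmq.conf contents. It assumes that a non-empty management.oauth_client_secret value means OAuth 2 is "configured to use" the setting, and it reports management.oauth_enabled alongside; the function names and sample values are hypothetical.

```python
"""Audit check for the preconditions named in this advisory (added example)."""

SECRET_KEY = "management.oauth_client_secret"
ENABLED_KEY = "management.oauth_enabled"
MGMT_PLUGIN = "rabbitmq_management"


def parse_conf(*texts):
    """Merge rabbitmq.conf-style files ('key = value' lines, '#' comment lines).

    Later texts override earlier ones, as with conf.d fragments.
    """
    settings = {}
    for text in texts:
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            key, sep, value = line.partition("=")
            if sep:
                settings[key.strip()] = value.strip()
    return settings


def audit(enabled_plugins, *conf_texts):
    """Report whether a node matches the advisory's two preconditions.

    enabled_plugins: every plugin active on the node, including ones
    pulled in as dependencies of other plugins.
    """
    settings = parse_conf(*conf_texts)
    # Exact-name match: rabbitmq_management_agent alone does not count.
    plugin_on = MGMT_PLUGIN in {p.strip() for p in enabled_plugins}
    secret_set = bool(settings.get(SECRET_KEY))
    return {
        "management_plugin": plugin_on,
        "client_secret_configured": secret_set,
        "oauth_enabled": settings.get(ENABLED_KEY, "").lower() == "true",
        "matches_advisory": plugin_on and secret_set,
    }


# Constructed sample input, not taken from a real node.
SAMPLE_CONF = """\
# management UI OAuth 2 settings
management.oauth_enabled = true
management.oauth_client_id = rabbit_ui
management.oauth_client_secret = EXAMPLE-PLACEHOLDER
"""

if __name__ == "__main__":
    print(audit(["rabbitmq_management", "rabbitmq_prometheus"], SAMPLE_CONF))
```

The check covers rabbitmq.conf-style files only; a secret supplied through another configuration source would need a separate check.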