Input validation error in RabbitMQ Server - CVE-2026-57220
Published: June 25, 2026
RabbitMQ Server
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in rabbit_stream_core when processing oversized stream frames during authentication before Tune negotiation. A remote attacker can send oversized partial frames to cause a denial of service.
Only deployments with the first-party rabbitmq_stream listener enabled and reachable on port 5552 are vulnerable.
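The class of check the description points to, as an added illustration (not RabbitMQ's code and not its patch): a frame reader that validates the declared size as soon as the length prefix arrives, so an unauthenticated peer cannot make the server buffer an oversized partial frame. The 4-byte big-endian size prefix, the `PRE_TUNE_FRAME_MAX` value and all class and function names are assumptions made for this sketch.

```python
import struct

# Hypothetical cap applied before Tune completes; the value is an assumption.
PRE_TUNE_FRAME_MAX = 8192


class FrameTooLarge(Exception):
    """Declared frame size exceeds the limit in force for this connection."""


class FrameReader:
    """Incremental reader for size-prefixed frames (uint32 big-endian length)."""

    def __init__(self, frame_max=PRE_TUNE_FRAME_MAX):
        self.frame_max = frame_max
        self.buf = bytearray()

    def set_frame_max(self, negotiated):
        # Raise the limit only after authentication and Tune have completed.
        self.frame_max = negotiated

    def feed(self, chunk):
        """Add bytes read from the socket; return complete frame payloads."""
        self.buf += chunk
        frames = []
        while len(self.buf) >= 4:
            (size,) = struct.unpack_from(">I", self.buf, 0)
            # Check the declared size as soon as the header is readable,
            # before waiting for (and buffering) the rest of the frame.
            if size > self.frame_max:
                self.buf.clear()
                raise FrameTooLarge(f"declared {size} > limit {self.frame_max}")
            if len(self.buf) < 4 + size:
                break  # partial frame; remainder stays below frame_max + 4 bytes
            frames.append(bytes(self.buf[4:4 + size]))
            del self.buf[:4 + size]
        return frames
```

The caller is expected to close the connection when `FrameTooLarge` is raised.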