Improper access control in RabbitMQ Server - CVE-2026-57215
Published: June 25, 2026
RabbitMQ Server
Detailed vulnerability description
The vulnerability allows a remote user to inject messages into another tenant's reply channel and cause silent routing loss.
The vulnerability exists due to improper access control in direct-reply-to binding handling when binding and unbinding volatile amq.rabbitmq.reply-to.* destinations. A remote user can create and retain a crafted binding to inject messages into another tenant's reply channel and cause silent routing loss.
Exploitation requires normal bind and publish permissions in a shared virtual host.
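An added example, not part of the advisory or of RabbitMQ's own code: a permission audit for the precondition stated above, listing users in a shared virtual host whose write pattern covers the amq.rabbitmq.reply-to.* namespace. It assumes permission records shaped like the management HTTP API's permission listing (user, vhost, configure, write, read), that a bind is authorised by the user's write pattern on the destination as in RabbitMQ's standard access-control model, and that the same check applies to reply-to destinations; the sample records and the probe token are constructed.

```python
import re
from collections import defaultdict

# Probe name inside the namespace the advisory names; the suffix is constructed.
PROBE = "amq.rabbitmq.reply-to.constructed-token"


def pattern_matches(pattern, name):
    """Approximate RabbitMQ permission matching with Python's re module:
    unanchored regex, with the empty string treated as '^$' (grants nothing)."""
    if pattern == "":
        return False
    try:
        return re.search(pattern, name) is not None
    except re.error:
        return True  # cannot evaluate here: flag for manual review


def reply_to_exposure(permissions):
    """Return sorted (vhost, user) pairs: users in a vhost shared with at least
    one other user whose write pattern covers the reply-to namespace."""
    by_vhost = defaultdict(list)
    for p in permissions:
        by_vhost[p["vhost"]].append(p)
    findings = []
    for vhost, entries in by_vhost.items():
        if len({e["user"] for e in entries}) < 2:
            continue  # single-tenant vhost: no other tenant's reply channel
        for e in entries:
            if pattern_matches(e["write"], PROBE):
                findings.append((vhost, e["user"]))
    return sorted(findings)


# Constructed sample records (assumed field names: user, vhost, configure, write, read).
SAMPLE = [
    {"user": "tenant-a", "vhost": "shared", "configure": "^a\\.", "write": ".*", "read": ".*"},
    {"user": "tenant-b", "vhost": "shared", "configure": "^b\\.", "write": "^b\\.", "read": "^b\\."},
    {"user": "tenant-c", "vhost": "shared", "configure": "", "write": "^(c\\.|amq\\.)", "read": "^c\\."},
    {"user": "svc", "vhost": "private", "configure": ".*", "write": ".*", "read": ".*"},
]

if __name__ == "__main__":
    for vhost, user in reply_to_exposure(SAMPLE):
        print(f"{vhost}: {user} has write access covering amq.rabbitmq.reply-to.*")
```

Users it reports are candidates for a narrower write pattern or a dedicated virtual host; tenant-b's prefix-scoped pattern is the shape that does not get flagged.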