Uncontrolled Recursion in RabbitMQ Java Client Library - #VU137270
Published: July 9, 2026
RabbitMQ Java Client Library
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in ValueReader.readTable(), readArray(), and readFieldValue() when parsing AMQP table and array values from server frames. A remote attacker can send a specially crafted deeply nested table structure to cause a denial of service.
Exploitation is possible before authentication via the initial connection.start frame, and a machine-in-the-middle can also trigger the issue.