Unsafe reflection in RabbitMQ Java Client Library - #VU137271
Published: July 9, 2026
RabbitMQ Java Client Library
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to use of externally-controlled input to select classes or code in ProcedureDescription in com.rabbitmq.tools.jsonrpc when processing a crafted JSON-RPC service description from untrusted AMQP messages. A remote attacker can send a crafted system.describe response with attacker-controlled javaReturnType values to execute arbitrary code.
The issue is triggered when a JsonRpcClient connects to a JSON-RPC service, and the selected class may also be used as the expected type for reply parsing.