Cleartext transmission of sensitive information in RabbitMQ Java Client Library - #VU137273
Published: July 9, 2026
RabbitMQ Java Client Library
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to cleartext transmission of credentials in the default connection configuration when using the default plaintext port with PLAIN SASL. A remote attacker can observe network traffic to disclose sensitive information.
The default port is 5672, and credentials may be sent unencrypted in this configuration.