Input validation error in RabbitMQ Java Client Library - #VU137275
Published: July 9, 2026
RabbitMQ Java Client Library
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the socket inbound frame reader when processing broker-supplied AMQP frames during connection setup. A remote attacker can send a specially crafted frame larger than the negotiated frame_max to cause a denial of service.
The issue is reachable when the client connects to a malicious or compromised AMQP broker and uses a smaller negotiated frame_max than the inbound body-size limit.