Input validation error in RabbitMQ Server - #VU137287
Published: July 10, 2026
RabbitMQ Server
Detailed vulnerability description
The vulnerability allows a remote attacker to cause integrity issues by causing a stale authentication-mechanism preference to persist across logout.
The vulnerability exists due to improper input validation in get_auth_mechanism/1 when clearing the consumed auth-mechanism cookie. A remote attacker can trigger the application to send a malformed Set-Cookie header with a non-conformant cookie name to cause integrity issues by causing a stale authentication-mechanism preference to persist across logout.
User interaction is required, and the issue is limited to weak session hygiene in browser-based use, such as shared-browser scenarios.