RabbitMQ fixed a high-severity information disclosure vulnerability, CVE-2026-57219, that could let unauthenticated attackers retrieve OAuth 2 client secrets through the obsolete management API endpoint GET /api/auth. The issue affects deployments with the management plugin enabled and management.oauth_client_secret configured in certain less common OAuth 2 setups. Affected versions are >= 3.13.0 and < 3.13.15, >= 4.0.0 and < 4.0.21, >= 4.1.0 and < 4.1.11, and >= 4.2.0 and < 4.2.6; the flaw is rated CVSS 4.0 8.7 and is classified under CWE-200.
The vendor addressed the exposure in RabbitMQ 3.13.15, 4.0.20, 4.1.11, and 4.2.6. RabbitMQ 4.2.6 was released as a maintenance update with broader security-relevant hardening, including improved permission enforcement, access control, API behavior, WebSocket safety limits, login timeout handling, origin validation, and protections against excessive CPU and memory consumption from malformed inputs. The release also removed the deprecated unused API endpoint tied to the disclosure risk and reduced exposure of sensitive connection URI data in shovel status output, with users advised to upgrade and verify supported Erlang versions before deployment.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
CVE-2026-57219 was published as a high-severity RabbitMQ vulnerability involving unauthenticated disclosure of OAuth 2 client secrets through the obsolete GET /api/auth endpoint in certain less common OAuth 2 configurations. The advisory states the issue affects multiple RabbitMQ branches and was fixed in versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6.
RabbitMQ published version 4.2.6 as a maintenance release in the 4.2.x series, including numerous bug fixes and security-relevant hardening changes across the server and plugins. The release also removed a deprecated unused API endpoint and updated dependencies.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
cvefeed.io
Open sourcegithub.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.