RabbitMQ Vulnerability Threatens Enterprise Systems
A vulnerability in RabbitMQ could allow attackers to obtain the broker’s confidential OAuth secret, potentially posing a serious threat to enterprises, according to cybersecurity firm Miggo.
RabbitMQ is a popular open source message broker that routes, buffers, and distributes messages, enabling asynchronous communication between applications.
Tracked as CVE-2026-5721 (CVSS score of 8.7), the security defect impacts an open management endpoint that returns the OAuth secret to anyone, without authentication.
The bug was discovered in an obsolete endpoint in RabbitMQ’s management web interface, and could be triggered in configurations where the administrator had set up the broker’s confidential password for identity provider authentication.
“Anyone who could reach the management port could fetch it, then, where the OAuth grant makes the secret usable, impersonate the broker to the identity provider and obtain an administrator token,” Miggo says.
In configurations that use the exposed secret, which is the standard when an OAuth 2/OIDC...
Copyright of this story solely belongs to securityweek.com. To see the full text click HERE