CVE-2026-57216 in RabbitMQ
Summary
by MITRE • 07/10/2026
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend listener is loopback-bound because the loopback check uses the listener-side socket address instead of the real client source. This issue is fixed in versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/10/2026
This vulnerability affects RabbitMQ messaging brokers that implement AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication mechanisms. The flaw resides in the authentication logic where loopback-restricted users can bypass security controls when connections are routed through a trusted PROXY-protocol path. The issue stems from improper socket address validation during the authentication process, specifically when backend listeners are configured to accept only loopback traffic. This creates a critical security gap that allows unauthorized remote access to systems that should be restricted to local connections only.
The technical root cause involves the authentication system's failure to properly distinguish between the proxy-side socket address and the actual client source address. When a connection is established through a trusted PROXY-protocol enabled path, the system incorrectly validates the loopback restriction using the listener-side socket address rather than examining the real client source. This misidentification allows users authenticated through loopback-restricted accounts to establish remote connections when they should be confined to local access only. The vulnerability specifically impacts systems where backend listeners are configured with loopback binding but traffic is accepted through proxy protocols that preserve client information.
The operational impact of this vulnerability is significant as it undermines fundamental security controls designed to restrict administrative access to locally bound services. An attacker could exploit this flaw to gain unauthorized remote access to RabbitMQ instances that should only accept connections from localhost, potentially compromising message queues, data integrity, and system availability. The issue affects authentication mechanisms across multiple protocol versions, making it particularly dangerous for environments that rely on the guest user account or other loopback-restricted credentials. This vulnerability directly relates to CWE-284: Improper Access Control and aligns with ATT&CK technique T1078.004: Valid Accounts - Cloud Accounts, as it enables unauthorized access through legitimate but improperly validated authentication paths.
Organizations should immediately upgrade their RabbitMQ installations to versions 3.13.15, 4.0.20, 4.1.11, or 4.2.6 to remediate this vulnerability. System administrators should also review proxy protocol configurations and ensure that backend listeners are properly secured with appropriate access controls. Additional mitigations include implementing network-level restrictions using firewalls, monitoring for unauthorized connections to loopback-bound services, and regularly auditing authentication logs for suspicious activities. Security teams should validate that all proxy protocols are correctly configured to preserve client source addresses and that authentication systems properly validate connection origins against their intended security boundaries.