importantSYS.SOURCE: The Hacker News• 2026-07-14T19:18:07+05:30
RabbitMQ Vulnerabilities Expose OAuth Secrets and Cross-Tenant Data
Two critical access control flaws in RabbitMQ allow unauthenticated attackers to leak OAuth secrets and expose cross-tenant queue metadata, with patches available in versions 4.3.0 and later. The vulnerabilities highlight risks in misconfigured OAuth setups and insufficient authorization checks in management interfaces.
Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries.
Miggo's security team, which discovered and reported the flaws, said one "leaks the broker's confidential OAuth
*** END OF TRANSMISSION ***