< BACK TO NEWS
importantSYS.SOURCE: The Hacker News2026-07-14T19:18:07+05:30

RabbitMQ Vulnerabilities Expose OAuth Secrets and Cross-Tenant Data

Two critical access control flaws in RabbitMQ allow unauthenticated attackers to leak OAuth secrets and expose cross-tenant queue metadata, with patches available in versions 4.3.0 and later. The vulnerabilities highlight risks in misconfigured OAuth setups and insufficient authorization checks in management interfaces.

Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries.

Miggo's security team, which discovered and reported the flaws, said one "leaks the broker's confidential OAuth

Read original article

*** END OF TRANSMISSION ***

> MAJOR PUBLISHERS SUE GOOGLE FOR UNAUTHORIZED AI TRAINING USING COPYRIGHTED CONTENT> PRISMML UNVEILS BONSAI 27B: A 27B-PARAMETER LANGUAGE MODEL OPTIMIZED FOR MOBILE DEVICES> DEEPMIND CEO PROPOSES INDEPENDENT REGULATORY FRAMEWORK FOR FRONTIER AI DEVELOPMENT> KONTIGO (YC S24) SEEKS HEAD OF SECURITY FOR USDC-SMART NEOBANK> AI-ASSISTED PROGRAMMING AND THE EROSION OF SHARED TECHNICAL UNDERSTANDING> S&P DOWNGRADES ORACLE TO BBB, APPROACHING JUNK STATUS> DISCOVERY OF LABUBARAT: NVIDIA-IMITATING REMOTE ACCESS TROJAN TARGETING WINDOWS SYSTEMS> DEEPSEEK SEEKS $1.5B FUNDING AHEAD OF POTENTIAL 2027 IPO> EVALUATING INPUT LATENCY IN LINUX GAMING ENVIRONMENTS: X11, WAYLAND, VRR, AND DXVK PERFORMANCE ANALYSIS> META EXECUTIVE PROPOSES AI TOKEN BUDGET CAPS PER ENGINEER TO MANAGE COSTS> MAJOR PUBLISHERS SUE GOOGLE FOR UNAUTHORIZED AI TRAINING USING COPYRIGHTED CONTENT> PRISMML UNVEILS BONSAI 27B: A 27B-PARAMETER LANGUAGE MODEL OPTIMIZED FOR MOBILE DEVICES> DEEPMIND CEO PROPOSES INDEPENDENT REGULATORY FRAMEWORK FOR FRONTIER AI DEVELOPMENT> KONTIGO (YC S24) SEEKS HEAD OF SECURITY FOR USDC-SMART NEOBANK> AI-ASSISTED PROGRAMMING AND THE EROSION OF SHARED TECHNICAL UNDERSTANDING> S&P DOWNGRADES ORACLE TO BBB, APPROACHING JUNK STATUS> DISCOVERY OF LABUBARAT: NVIDIA-IMITATING REMOTE ACCESS TROJAN TARGETING WINDOWS SYSTEMS> DEEPSEEK SEEKS $1.5B FUNDING AHEAD OF POTENTIAL 2027 IPO> EVALUATING INPUT LATENCY IN LINUX GAMING ENVIRONMENTS: X11, WAYLAND, VRR, AND DXVK PERFORMANCE ANALYSIS> META EXECUTIVE PROPOSES AI TOKEN BUDGET CAPS PER ENGINEER TO MANAGE COSTS