CVE-2026-57220
RabbitMQ · RabbitMQ Server
RabbitMQ Server is vulnerable to resource exhaustion due to lack of proper rate limiting or throttling of incoming requests.
Executive summary
A resource exhaustion vulnerability in RabbitMQ Server allows unauthenticated remote attackers to trigger a denial-of-service condition.
Vulnerability
This vulnerability involves the improper allocation of resources without limits or throttling (CWE-770). An unauthenticated attacker can exploit this by sending a high volume of requests, causing the messaging broker to consume excessive resources and crash.
Business impact
With a CVSS score of 7.5, this vulnerability represents a high risk to infrastructure stability. Because RabbitMQ serves as a critical messaging backbone for many distributed systems, a successful denial-of-service attack could lead to widespread application failure and operational downtime.
Remediation
Immediate Action: Upgrade to RabbitMQ Server version 4.2.6, which includes the necessary resource management controls.
Proactive Monitoring: Monitor system resource usage (CPU and Memory) and connection counts to identify potential resource exhaustion attacks.
Compensating Controls: Implement rate limiting at the network or load balancer level to restrict the volume of incoming traffic to the RabbitMQ management or messaging ports.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Reliability is paramount for messaging brokers. Organizations should treat this as a high-priority update to prevent potential service instability and ensure that resource limits are correctly enforced across their messaging clusters.