CVE-2026-57220

RabbitMQ · RabbitMQ Server

RabbitMQ Server is vulnerable to resource exhaustion due to lack of proper rate limiting or throttling of incoming requests.

Executive summary

A resource exhaustion vulnerability in RabbitMQ Server allows unauthenticated remote attackers to trigger a denial-of-service condition.

Vulnerability

This vulnerability involves the improper allocation of resources without limits or throttling (CWE-770). An unauthenticated attacker can exploit this by sending a high volume of requests, causing the messaging broker to consume excessive resources and crash.

Business impact

With a CVSS score of 7.5, this vulnerability represents a high risk to infrastructure stability. Because RabbitMQ serves as a critical messaging backbone for many distributed systems, a successful denial-of-service attack could lead to widespread application failure and operational downtime.

Remediation

Immediate Action: Upgrade to RabbitMQ Server version 4.2.6, which includes the necessary resource management controls.

Proactive Monitoring: Monitor system resource usage (CPU and Memory) and connection counts to identify potential resource exhaustion attacks.

Compensating Controls: Implement rate limiting at the network or load balancer level to restrict the volume of incoming traffic to the RabbitMQ management or messaging ports.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Reliability is paramount for messaging brokers. Organizations should treat this as a high-priority update to prevent potential service instability and ensure that resource limits are correctly enforced across their messaging clusters.