Home

Description

A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.

PUBLISHED Reserved 2026-03-04 | Published 2026-05-26 | Updated 2026-06-09 | Assigner Genetec




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Product status

Default status
unaffected

<3.13.7.19 (semver)
affected

>=3.13.7.19 (semver)
unaffected

Default status
unaffected

<3.4.1.0 (semver)
affected

>=3.4.1.0 (semver)
unaffected

Default status
unaffected

<2.11 (semver)
affected

>=2.11 (semver)
unaffected

Default status
unaffected

<5.5.118.0 (semver)
affected

>=5.5.118.0 (semver)
unaffected

<6.0.196.0 (semver)
affected

>=6.0.196.0 (semver)
unaffected

Default status
unaffected

<1.6 (semver)
affected

>=1.6 (semver)
unaffected

Default status
unaffected

<5.2.1 (semver)
affected

>=5.2.1 (semver)
unaffected

Default status
unaffected

<1.2 (semver)
affected

>=1.2 (semver)
unaffected

Credits

Johannes Kruchem & Christian Hager from SEC Consult Vulnerability Lab. finder

References

seclists.org/fulldisclosure/2026/Jun/2

resources.genetec.com/...itmq-deployment-in-genetec-products

ressources.genetec.com/...rabbitmq-dans-les-produits-genetec

cve.org (CVE-2026-25112)

nvd.nist.gov (CVE-2026-25112)

Download JSON