Home

Description

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to topics that include their client ID. However, the client_id is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. This vulnerability is fixed in 4.2.4 and 4.3.0.

PUBLISHED Reserved 2026-05-07 | Published 2026-05-27 | Updated 2026-05-28 | Assigner GitHub_M




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N

Problem types

CWE-863: Incorrect Authorization

Product status

>= 4.2.0, < 4.2.4
affected

References

github.com/...server/security/advisories/GHSA-x866-xp2g-cx8v

cve.org (CVE-2026-44838)

nvd.nist.gov (CVE-2026-44838)

Download JSON