CVE-2026-44838

Source
https://cve.org/CVERecord?id=CVE-2026-44838
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44838.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-44838
Aliases
Downstream
Published
2026-05-27T15:03:57.467Z
Modified
2026-07-08T08:13:28.112638457Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N CVSS Calculator
Summary
RabbitMQ MQTT Topic Permission Authorization Bypass
Details

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{clientid}-sensors$ to restrict user access to topics that include their client ID. However, the clientid is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. This vulnerability is fixed in 4.2.4 and 4.3.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44838.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-863"
    ]
}
References

Affected packages

Git / github.com/rabbitmq/rabbitmq-server

Affected ranges

Type
GIT
Repo
https://github.com/rabbitmq/rabbitmq-server
Events
Database specific
{
    "cpe": "cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.4"
        }
    ]
}

Affected versions

v4.*
v4.2.0
v4.2.1
v4.2.2
v4.2.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44838.json"