CVE-2026-40971
SSL Hostname Verification Bypass in Spring Boot RabbitMQ Auto-Config
Publication date: 2026-04-27
Last updated on: 2026-04-27
Assigner: VMware
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vmware | spring_boot | From 4.0.0 (inc) to 4.0.5 (inc) |
| vmware | spring_boot | From 3.5.0 (inc) to 3.5.13 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Spring Boot to version 4.0.6 or later if you are using the 4.0.x series, or to version 3.5.14 or later if you are using the 3.5.x series.
This update fixes the issue where hostname verification is not performed when connecting to the RabbitMQ broker using an SSL bundle.
Can you explain this vulnerability to me?
This vulnerability occurs in Spring Boot's RabbitMQ auto-configuration when it is set up to use an SSL bundle. Specifically, the system does not perform hostname verification when connecting to the RabbitMQ broker.
Hostname verification is a security measure that ensures the server you are connecting to is the one you expect by checking the server's hostname against the SSL certificate. Without this verification, an attacker could potentially intercept or redirect the connection.
How can this vulnerability impact me? :
The lack of hostname verification when connecting to the RabbitMQ broker can lead to man-in-the-middle attacks. An attacker could impersonate the RabbitMQ server, intercepting or altering the data transmitted between your application and the broker.
This can result in confidentiality, integrity, and availability impacts, as indicated by the CVSS score which rates the impact on confidentiality, integrity, and availability as low.