CVE-2026-44838
Received Received - Intake
BaseFortify

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: GitHub, Inc.

Description
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to topics that include their client ID. However, the client_id is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. This vulnerability is fixed in 4.2.4 and 4.3.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-05-27
AI Q&A
2026-05-27
EPSS Evaluated
N/A
NVD
CVE-2026-44838
EUVD
EUVD-2026-32548
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
rabbitmq rabbitmq_mqtt_plugin From 4.2.0 (inc) to 4.2.4 (exc)
rabbitmq rabbitmq_mqtt_plugin 4.2.4
rabbitmq rabbitmq_mqtt_plugin 4.3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in RabbitMQ's MQTT plugin versions from 4.2.0 to before 4.2.4. The plugin uses regular expressions with variable substitution to enforce topic-level authorization, allowing administrators to restrict user access to specific topics based on client IDs.

However, the client_id used in these regex patterns is provided by the user in the MQTT CONNECT packet and is inserted into the regex without escaping special regex characters. This allows an authenticated MQTT user to inject regex operators, potentially bypassing the intended authorization restrictions.

The issue was fixed in RabbitMQ versions 4.2.4 and 4.3.0.


How can this vulnerability impact me? :

This vulnerability can allow an authenticated MQTT user to bypass topic-level authorization controls by injecting special regex characters into the client_id. As a result, the user may gain unauthorized access to topics they should not have permission to access.

This unauthorized access could lead to exposure of sensitive messaging data or unauthorized message publishing, potentially compromising the confidentiality and integrity of the messaging system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade RabbitMQ to version 4.2.4 or later, or 4.3.0 or later, where the issue has been fixed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart