RabbitMQ OAuth client secret leak security flaw (CVE-2026-57219)
Vulnerability
Summary
Hide ▲
Show ▼
RabbitMQ disclosed CVE-2026-57219, a management API flaw that can leak an OAuth client secret from GET /api/auth and enable full broker takeover in affected deployments. The vulnerability affects installations using management.oauth_client_secret and raises the risk of administrator token theft, message exposure, and broker control.
Related Happenings
BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave
Exploitation Wave
H score76
First: 12.02.2026 23:34
Last: 12.02.2026 23:34
Sources 1
About this happening:
**CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...
BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...
N8n sandbox escape flaws (multiple vulnerabilities)
Vulnerability
H score41
First: 04.02.2026 15:00
Last: 04.02.2026 15:00
Sources 1
About this happening:
Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...
N8n sandbox escape flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...
Timeline
-
14.07.2026 16:48 2 articles · 2h ago
Miggo discloses RabbitMQ OAuth secret leak in GET /api/auth
Initial DisclosureMiggo disclosed a RabbitMQ management API flaw, CVE-2026-57219, in which the obsolete GET /api/auth endpoint can reveal the confidential OAuth secret when OAuth 2 is configured with management.oauth_client_secret, allowing an attacker to exchange it for an administrator token and take control of the broker. The disclosure also noted a separate RabbitMQ tenant-isolation flaw and said there was no evidence of active exploitation before public disclosure.
Show sources
- RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata — thehackernews.com — 14.07.2026 16:48
- RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata — thehackernews.com — 14.07.2026 16:48