NewIntroducing ISO360 — our all-in-one ISO compliance platform
All advisories
CVE-2026-57213MEDIUM · CVSS 4.8

CVE-2026-57213

broadcom · rabbitmq server

What's the vulnerability?

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmq_federation_management plugin renders the consumer_tag field on the Federation Status page without HTML escaping, allowing a user who can configure a federation upstream or policy to execute JavaScript in the browser of a user viewing that page. This issue is fixed in versions 3.13.14, 4.0.19, 4.1.10, and 4.2.5.

Recommended remediation

  1. Inventory all assets running the affected vendor and product, including shadow IT and third-party hosted instances.
  2. Apply the vendor patch or mitigation referenced in the advisories below. Where no patch exists, isolate the asset or restrict network exposure.
  3. Hunt for indicators of prior compromise — exploitation of this class of bug often predates public disclosure.
  4. Deploy detections for the exploit primitives (network signature, EDR rule, WAF rule) and re-test after remediation.

Need help executing these steps? Our team typically completes validation and remediation within a single patch cycle. Request remediation support →