{"id":"CVE-2026-57220","summary":"RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS","details":"RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame lengths and consume broker memory in rabbit_stream_core. This issue is fixed in version 4.2.6.","aliases":["GHSA-f364-87q5-j35q"],"modified":"2026-07-15T01:49:20.467204482Z","published":"2026-07-10T20:19:23.162Z","database_specific":{"cwe_ids":["CWE-770"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57220.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.2.6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57220.json"},{"type":"ADVISORY","url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-f364-87q5-j35q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57220"},{"type":"FIX","url":"https://github.com/rabbitmq/rabbitmq-server/commit/595ec28fa1621b1f2c28124e4e0466a8ad963547"},{"type":"FIX","url":"https://github.com/rabbitmq/rabbitmq-server/commit/773a49c4921e8be990262a2d609c35916825679e"},{"type":"FIX","url":"https://github.com/rabbitmq/rabbitmq-server/pull/16171"},{"type":"FIX","url":"https://github.com/rabbitmq/rabbitmq-server/pull/16173"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rabbitmq/rabbitmq-server","events":[{"introduced":"95c501fbad76c66156346cf364d158d6e30aa4d9"},{"fixed":"595ec28fa1621b1f2c28124e4e0466a8ad963547"},{"fixed":"773a49c4921e8be990262a2d609c35916825679e"},{"fixed":"8a56c37f099a7bf609a555de3f0ff8ed23964d20"}],"database_specific":{"source":["AFFECTED_FIELD","REFERENCES"],"extracted_events":[{"introduced":"4.2.0"},{"fixed":"4.2.6"}]}}],"versions":["v4.2.5","v4.2.4","v4.2.3","v4.2.2","v4.2.1","v4.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57220.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}