CVE-2026-9133

216.73.217.22

· Published 20/05/2026 20:16 · Modified 21/05/2026 15:24

Labels: CVE-2026-9133 2026-05-20 CVE-2026-9133 CWE-489 ff89ba41-3aa1-4d27-914a-91399e9639e5

Essential information

Published: 20/05/2026 20:16
Modified: 21/05/2026 15:24
Author: —
Creator: —
CVSS: 8.3 HIGH (v3) 8.3 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. To remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
NVD: View on NVD

Affected products (CPE)

Product	CPE
amazon-mq / rabbitmq-aws	`cpe:2.3:a:amazon-mq:rabbitmq-aws:<0.2.1:::::::*`
amazon-mq / rabbitmq-aws	`cpe:2.3:a:amazon-mq:rabbitmq-aws:0.2.1:::::::*`