
RabbitMQ

RabbitMQ is an open-source message broker implementing the AMQP protocol, widely used for task queuing and event-driven architectures. It was maintained by Pivotal Software until VMware acquired Pivotal in 2019, and NVD carries CVE records under both the pivotal_software:rabbitmq and vmware:rabbitmq CPE vendor names. Attestd queries both namespaces and merges the results on CVE ID.


Querying RabbitMQ

| field | value |
|---|---|
| product slug | `rabbitmq` |
| version format | dotted `major.minor.patch`, e.g. `3.13.2`, `3.12.6`, `3.11.10` |
```bash
curl "https://api.attestd.io/v1/check?product=rabbitmq&version=3.11.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

For 3.11.0 the aggregated response is expected to return risk_state: "elevated", with the merged CVE list in cve_ids and the lowest version that resolves them in fixed_version. Check which component a listed CVE is actually filed against before acting on it: CVE-2023-46120, for example, is a RabbitMQ Java client (amqp-client before 5.18.0) issue rather than a broker issue.

```json
{
  "product": "rabbitmq",
  "version": "3.11.0",
  "supported": true,
  "risk_state": "elevated",
  "risk_factors": [
    "information_disclosure",
    "authenticated_attack_vector",
    "patch_available"
  ],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "3.12.6",
  "confidence": 0.8,
  "cve_ids": ["CVE-2023-46120"],
  "last_updated": "2026-02-23T18:21:30Z"
}
```
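As an added example (not Attestd's own client code), the script below turns a /v1/check response into a deploy-gate decision, using the elevated response shown above as constructed input. The policy thresholds, the BLOCKING_STATES set and all function names are this example's assumptions; only the field names come from the response.

```python
"""Turn an Attestd /v1/check response into a deploy decision.

Added example for this page, not Attestd client code. SAMPLE_RESPONSE is the
elevated result shown above for rabbitmq 3.11.0; the policy, BLOCKING_STATES
and the function names are this example's own assumptions.
"""
import json
from typing import Optional

# Constructed sample: copied from the elevated response on this page.
SAMPLE_RESPONSE = json.loads("""
{
  "product": "rabbitmq", "version": "3.11.0", "supported": true,
  "risk_state": "elevated",
  "risk_factors": ["information_disclosure", "authenticated_attack_vector", "patch_available"],
  "actively_exploited": false, "remote_exploitable": true,
  "authentication_required": false, "patch_available": true,
  "fixed_version": "3.12.6", "confidence": 0.8,
  "cve_ids": ["CVE-2023-46120"], "last_updated": "2026-02-23T18:21:30Z"
}
""")

# Assumption: risk_state values that should stop a rollout. The page only
# shows "elevated"; extend the set if the API documents further states.
BLOCKING_STATES = {"elevated"}


def parse_version(version: str) -> tuple:
    """Parse a dotted RabbitMQ version ("3.12.6") into a comparable int tuple.

    Anything that is not plain dotted integers is rejected, not coerced, so a
    malformed string can never sort as "already fixed".
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_at_or_above(current: str, fixed: Optional[str]) -> bool:
    """True when `current` already includes the advertised fix."""
    if not fixed:
        return False
    return parse_version(current) >= parse_version(fixed)


def evaluate(resp: dict, min_confidence: float = 0.7) -> dict:
    """Map a check response to {"decision": block|warn|allow, "reasons": [...]}.

    Policy (this example's assumption):
      * unsupported product/version     -> block (nothing vouches for it)
      * actively_exploited              -> block, patch or not
      * blocking risk_state + patch     -> block and name the upgrade target
      * blocking risk_state, no patch   -> warn (needs compensating controls)
      * confidence below min_confidence -> warn, the verdict is not firm
    """
    if not resp.get("supported", False):
        return {"decision": "block", "reasons": ["version not covered by the data source"]}

    decision, reasons = "allow", []
    cves = ", ".join(resp.get("cve_ids", [])) or "no CVE IDs"

    if resp.get("actively_exploited"):
        decision = "block"
        reasons.append(f"actively exploited: {cves}")

    if resp.get("risk_state") in BLOCKING_STATES:
        fixed = resp.get("fixed_version")
        if resp.get("patch_available") and fixed:
            if is_at_or_above(resp["version"], fixed):
                # Data inconsistency: the fix is not newer than what is running.
                decision = decision if decision == "block" else "warn"
                reasons.append(f"fixed_version {fixed} is not newer than {resp['version']}; verify the record")
            else:
                decision = "block"
                reasons.append(f"upgrade {resp['product']} {resp['version']} to {fixed} ({cves})")
        else:
            decision = decision if decision == "block" else "warn"
            reasons.append(f"{resp['risk_state']} risk with no patch available ({cves})")

    if resp.get("confidence", 0.0) < min_confidence:
        decision = decision if decision == "block" else "warn"
        reasons.append(f"low confidence ({resp.get('confidence')}) in this verdict")

    return {"decision": decision, "reasons": reasons}


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_RESPONSE), indent=2))
```

The version comparison deliberately refuses anything that is not plain dotted integers (a pre-release tag, an empty string), because a gate that silently treats an unparseable version as "newer than the fix" fails open.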
safe version

RabbitMQ 3.13.2 has no known relevant vulnerabilities at the time of the last synthesis run.

```bash
curl "https://api.attestd.io/v1/check?product=rabbitmq&version=3.13.2" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

CVE history

RabbitMQ's CVE history concentrates in the web management plugin (stored cross-site scripting in names the UI renders, and denial of service), with occasional platform-specific issues such as Windows binary planting and bugs in the client libraries rather than in the broker core. The dual CPE namespace left by the Pivotal-to-VMware acquisition means pre-2019 CVEs are only found by also querying the legacy namespace.

| CVE | Description | Affects | CVSS |
|---|---|---|---|
| CVE-2023-46120 | The RabbitMQ Java client (amqp-client) did not enforce a maximum inbound message body size, so a peer could send an oversized message and exhaust the client's memory (denial of service). | amqp-client < 5.18.0 | 7.5 |
| CVE-2021-32719 | Stored cross-site scripting in the rabbitmq_federation_management plugin: a federation link's consumer tag was rendered in the management UI without sanitization. | < 3.8.18 | 5.4 |
| CVE-2021-32718 | Stored cross-site scripting in the web management plugin: a user name added through the management UI was rendered without escaping. | < 3.8.17 | 5.4 |
| CVE-2020-5419 | Windows binary planting: a local user with non-administrative access to the RabbitMQ installation directory can place a malicious binary that is executed with elevated privileges. | 3.8.x < 3.8.7 | 6.6 |

Acquisition namespace handling

RabbitMQ was maintained by Pivotal Software until VMware acquired Pivotal in 2019. NVD filed pre-acquisition CVEs under pivotal_software:rabbitmq and post-acquisition CVEs under vmware:rabbitmq, so a query against only the current vendor name misses the legacy records. Attestd queries both namespaces and deduplicates on CVE ID.

| CPE prefix | Coverage |
|---|---|
| `cpe:2.3:a:vmware:rabbitmq` | 2019 and later (post-acquisition) |
| `cpe:2.3:a:pivotal_software:rabbitmq` | Pre-2019 (legacy) |
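The dual-namespace lookup described above, as an added example rather than Attestd's implementation: build the CPE 2.3 name for a broker version under both vendor names, derive the corresponding NVD 2.0 API query URLs, and merge the per-namespace result sets on CVE ID so a record present in both is counted once. The record shape (cve.id, cve.lastModified) follows the NVD 2.0 API; the result sets are constructed inline so the merge runs offline, which CVE sits under which namespace in the sample is arbitrary, and the helper names are this example's own.

```python
"""Query both RabbitMQ CPE namespaces and merge the CVE sets on CVE ID.

Added example for this page, not Attestd's implementation. Record shapes
follow the NVD 2.0 API (cve.id, cve.lastModified); SAMPLE_RESULTS is
constructed so the merge runs offline; helper names are this example's own.
"""
from urllib.parse import urlencode

NVD_CVES_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"
# Both vendor names NVD has used for the broker, legacy name second.
VENDORS = ("vmware", "pivotal_software")

# Constructed sample results shaped like NVD 2.0 'vulnerabilities' entries.
# Timestamps and the namespace each record sits under are illustrative only.
SAMPLE_RESULTS = {
    "vmware": [
        {"cve": {"id": "CVE-2021-32718", "lastModified": "2023-11-07T03:35:00.000"}},
        {"cve": {"id": "CVE-2021-32719", "lastModified": "2023-11-07T03:35:00.000"}},
    ],
    "pivotal_software": [
        {"cve": {"id": "CVE-2021-32718", "lastModified": "2021-06-30T14:12:00.000"}},
        {"cve": {"id": "CVE-2020-5419", "lastModified": "2021-07-21T11:39:00.000"}},
    ],
}


def cpe_names(version: str) -> list:
    """CPE 2.3 names for a broker version in every namespace we track."""
    return [f"cpe:2.3:a:{vendor}:rabbitmq:{version}:*:*:*:*:*:*:*" for vendor in VENDORS]


def nvd_query_urls(version: str) -> dict:
    """One NVD 2.0 query URL per namespace, keyed by vendor name.

    urlencode percent-encodes the colons and wildcards in the cpeName value.
    """
    return {
        cpe.split(":")[3]: f"{NVD_CVES_URL}?{urlencode({'cpeName': cpe})}"
        for cpe in cpe_names(version)
    }


def merge_on_cve_id(results_by_vendor: dict) -> list:
    """Dedupe CVE records returned for several namespaces.

    results_by_vendor maps vendor -> list of NVD 'vulnerabilities' entries.
    When the same CVE appears under more than one namespace the copy with
    the newest lastModified wins, and every namespace that returned it is
    kept in 'sources', so a CVE missing from one namespace is visible.
    """
    merged = {}
    for vendor, vulns in results_by_vendor.items():
        for entry in vulns:
            cve = entry["cve"]
            cve_id = cve["id"]
            if cve_id not in merged:
                merged[cve_id] = {"cve": cve, "sources": {vendor}}
            elif cve["lastModified"] > merged[cve_id]["cve"]["lastModified"]:
                merged[cve_id] = {"cve": cve, "sources": merged[cve_id]["sources"] | {vendor}}
            else:
                merged[cve_id]["sources"].add(vendor)
    return [
        {"id": cid, "lastModified": rec["cve"]["lastModified"], "sources": sorted(rec["sources"])}
        for cid, rec in sorted(merged.items())
    ]


if __name__ == "__main__":
    for vendor, url in nvd_query_urls("3.11.0").items():
        print(vendor, url)
    for rec in merge_on_cve_id(SAMPLE_RESULTS):
        print(rec["id"], rec["lastModified"], ",".join(rec["sources"]))
```

Keeping the per-namespace provenance in the merged output is what makes a namespace gap detectable: a CVE that only ever shows up under the legacy vendor name is exactly the record a single-namespace query would have missed.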