CVE-2026-41701

Vulnerability

Spring AMQP versions 4.0.0 through 4.0.3, 3.2.0 through 3.2.10, 3.1.0 through 3.1.15, and 2.4.0 through 2.4.17 are affected by a vulnerability where the correlation IDs generated for replies in the RabbitTemplate.sendAndReceive() method with fixed reply queues are predictable due to an internal simple counter.

Exploitation

An attacker with network access to the RabbitMQ broker can exploit this vulnerability by observing the predictable correlation IDs and sending a malicious reply message to the fixed reply queue with a matching correlation ID. This requires the attacker to be able to interact with the RabbitMQ broker and potentially infer the timing of legitimate requests.

Impact

Successful exploitation allows an attacker to poison the reply queue by sending a crafted message with a predictable correlation ID. This can lead to the application processing an incorrect or malicious reply, potentially causing denial of service or allowing for further manipulation of application logic, depending on how the application handles the received reply.

Mitigation

This vulnerability is addressed in Spring AMQP. Please refer to the official Spring security advisory [1] for specific patched versions and release dates. It is recommended to update to a non-vulnerable version as soon as possible. No workarounds are disclosed in the available references.