CVE-2026-25767
HIGH 8.1
Description
LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user with the "Policymaker" management tag could create shovels that bypass access controls. Such a user could exploit this to read messages from, or publish messages to, vhosts they are not authorized to access. This vulnerability is fixed in 2.6.8.
CVE Details
CVSS v3.1 Score: 8.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 2/12/2026
Last Modified: 2/20/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
84codes:lavinmq
Weaknesses (CWE)
CWE-863
References
https://github.com/cloudamqp/lavinmq/commit/3a83e5894495b60c7c32a79c3dbc9bd9fa237d9a (security-advisories@github.com)
https://github.com/cloudamqp/lavinmq/commit/be03da31f3db1a2552f7094ff58e953ef50cdc82 (security-advisories@github.com)
https://github.com/cloudamqp/lavinmq/pull/1670 (security-advisories@github.com)
https://github.com/cloudamqp/lavinmq/pull/1687 (security-advisories@github.com)
https://github.com/cloudamqp/lavinmq/security/advisories/GHSA-wh37-6vrr-r9wg (security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.