CVE-2026-41701
In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues
Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter.
Affected versions:
Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Produtos afetados
Spring · Spring AMQPQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://spring.io/security/cve-2026-41701