CVE-2026-25768

Vulnerability Description

LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6.

Vulnerability Details

Published Date

February 12, 2026

Last Modified

February 13, 2026

CWE ID

CWE-862

Source

NVD

Vendor

cloudamqp

Product

lavinmq

External References

https://github.com/cloudamqp/lavinmq/commit/e871f8d0a53685f04e39e6410a2421c1f82803b0
https://github.com/cloudamqp/lavinmq/pull/1669
https://github.com/cloudamqp/lavinmq/security/advisories/GHSA-r2mh-8vq6-qf7m

CVE-2026-25768

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment