CVE Catalog

CVE-2026-41701

MediumCVSS 4.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

Correlation IDs for replies in RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to an internal simple counter.

Risk Assessment

The predictability of correlation IDs may lead to unauthorized access to data or message manipulation within the system.

Recommendation

It is recommended to upgrade to the latest version of Spring AMQP to mitigate this vulnerability.

Original NVD description (English source)

Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS