Spring Boot RabbitMQ Auto-Configuration Hostname Verification Vulnerability

Vulnerability

A vulnerability exists in Spring Boot's RabbitMQ auto-configuration when an SSL bundle is used: hostname verification is not performed on the TLS connection to the RabbitMQ broker, so the broker's certificate is accepted as long as it chains to a trusted CA, regardless of the host it was issued for. This vulnerability affects Spring Boot versions 4.0.0 to 4.0.5 and 3.5.0 to 3.5.13.

Impact

The lack of hostname verification can lead to man-in-the-middle attacks, where an attacker could intercept and potentially alter the communication between the Spring Boot application and the RabbitMQ broker.

Remediation

Users should upgrade to Spring Boot 4.0.6 or 3.5.14, depending on their current version.

Added: Apr 27, 2026, 11:22 PM
Updated: Apr 27, 2026, 11:22 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 5.0
exploitability: 6.4
remediation: 7.7
relevance: 6.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.