CVE-2026-40971 - Medium - CVE-2026-40971: RabbitMQ auto-configuration with an SSL bundle disables TLS hostname verification
Spring
·
2026-04-23
·
via Spring Security Advisories
Description When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected Spring Products and Versions Spring Boot: 4.0.0 - 4.0.5 3.5.0 - 3.5.13 Mitigation Users of affected versions should upgrade to the corresponding fixed version. Affected version(s) Fix version Availability 4.0.x 4.0.6 OSS 3.5.x 3.5.14 OSS No further mitigation steps are necessary. References https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L&version=3.1 History 2026-04-23: Initial vulnerability report published.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。