CVE-2026-9133: Arbitrary file read in rabbitmq-aws plugin

CVSS 7.7 (High) · EPSS 0.03% · P8

Affected Version Matrix

| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AWS | RabbitMQ AWS | 0.1.0 ≤ 0.2.0 | affected |

I. Basic Information for CVE-2026-9133

Vulnerability Information


Vulnerability Title
Arbitrary file read in rabbitmq-aws plugin
Source: NVD (National Vulnerability Database)
Vulnerability Description
Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. To remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Leftover debug code
Source: NVD (National Vulnerability Database)
Vulnerability Title
RabbitMQ AWS infrastructure Plugin security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
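RabbitMQ AWS infrastructure Plugin is an open-source RabbitMQ plugin from amazon-mq for integrating with AWS infrastructure. Versions of RabbitMQ AWS infrastructure Plugin before 0.2.1 contain a security vulnerability that stems from debug code present in the ARN resolver, which may allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process.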
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| AWS | RabbitMQ AWS | 0.1.0 ~ 0.2.0 | - |

II. Public POCs for CVE-2026-9133


III. Intelligence Information for CVE-2026-9133


Vendor Advisories for CVE-2026-9133 (2)

Vendor Pages for CVE-2026-9133 (1)

IV. Related Vulnerabilities
