CVE-2026-25768

EUVD-2026-6689
LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
84codeslavinmq
𝑥
< 2.6.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cloudamqp/lavinmq/commit/e871f8d0a53685f04e39e6410a2421c1f82803b0
https://github.com/cloudamqp/lavinmq/pull/1669
https://github.com/cloudamqp/lavinmq/security/advisories/GHSA-r2mh-8vq6-qf7m