PT-2026-42261 · Amazon · Rabbitmq Aws
The-Mikedavis · Published 2026-05-20 · Updated 2026-05-29
CVE-2026-9133
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
amazon-mq rabbitmq-aws versions prior to 0.2.1
Description
Active debug code in the ARN resolver allows remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. This occurs because the 'PUT /api/aws/arn/validate' endpoint accepts a debug ARN scheme (arn:aws-debug:file).
Recommendations
Upgrade to version 0.2.1.
Rotate any associated private certificate keys if RabbitMQ is configured to use TLS for connections.
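To help decide whether key rotation is needed, the following added example (not code from the advisory or from the rabbitmq-aws project) triages HTTP access-log lines for PUT requests to the endpoint named in the description and groups them by user and source. The Common Log Format style layout, the sample lines, and the names `triage` and `needs_review` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format style. The real layout of your
# management-API access log is an assumption; adjust LINE_RE to match it.
SAMPLE_LOG = """\
10.0.4.17 - svc-deploy [21/May/2026:09:14:02 +0000] "PUT /api/aws/arn/validate HTTP/1.1" 200 512
10.0.4.17 - svc-deploy [21/May/2026:09:14:05 +0000] "PUT /api/aws/arn/validate HTTP/1.1" 200 1874
10.0.9.3 - monitor [21/May/2026:09:15:00 +0000] "GET /api/overview HTTP/1.1" 200 4096
10.0.7.88 - alice [21/May/2026:10:02:41 +0000] "PUT /api/aws/arn/validate HTTP/1.1" 401 0
10.0.9.3 - monitor [21/May/2026:10:03:00 +0000] "GET /api/aws/arn/validate HTTP/1.1" 405 0
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
ENDPOINT = "/api/aws/arn/validate"  # endpoint named in the advisory


def triage(log_text):
    """Group PUT requests to the ARN validate endpoint by (user, source)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skipped here, worth counting in production
        path = m["path"].split("?", 1)[0].rstrip("/")
        if m["method"] == "PUT" and path == ENDPOINT:
            hits[(m["user"], m["src"])].append((m["ts"], int(m["status"])))
    return dict(hits)


def needs_review(hits):
    """Return (user, source) pairs that received at least one 2xx response."""
    return sorted(k for k, v in hits.items() if any(200 <= s < 300 for _, s in v))


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for (user, src), events in found.items():
        for ts, status in events:
            print(f"{ts} user={user} src={src} status={status}")
    print("review:", needs_review(found))
```

The sample log lines do not record the ARN that was submitted, so any successful PUT to this endpoint on a broker running a version prior to 0.2.1 is a lead to review rather than proof of a file read.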
Affected Products
Rabbitmq Aws