Affected versions:
Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://spring.io/security/cve-2026-41701 |
|
Wed, 10 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 10 Jun 2026 11:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Spring
Spring spring Amqp |
|
| Vendors & Products |
Spring
Spring spring Amqp |
Wed, 10 Jun 2026 00:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17. | |
| Title | In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues | |
| Weaknesses | CWE-330 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2026-06-23T20:48:22.061Z
Reserved: 2026-04-22T06:21:22.982Z
Link: CVE-2026-41701
Updated: 2026-06-10T13:04:48.444Z
Status : Awaiting Analysis
Published: 2026-06-10T00:16:51.107
Modified: 2026-06-10T19:24:04.320
Link: CVE-2026-41701
No data.
OpenCVE Enrichment
Updated: 2026-06-10T11:21:47Z