Is Solarwinds Self-Hosted effected by the recent RabbitMQ CVE?
securityvulnerability.io/vulnerability/CVE-2026-57219
www.securityweek.com/rabbitmq-vulnerability-threatens-enterprise-systems/
Is Solarwinds Self-Hosted effected by this?
1) RabbitMQ version (for solarwinds platform 2026.1.1): 3.13.7, which is indicated as vulnerable.
2) C:\ProgramData\SolarWinds\Orion\RabbitMQ\enabled_plugins does NOT contain oauth ([rabbitmq_management]. is the only content of the file); however, the output from ‘rabbitmqctl.bat status’ lists oauth2_client as an enabled plugin.
3) output from localhost:15672/api/auth (the compromised endpoint).
{“oauth_enabled”:false}
Based on #3, my understanding is that Solarwinds’s deployment of RabbitMQ is NOT vulnerable to CVE-2026-57219. However, someone please correct me if I’m missing something.
Read more here: Source link
