CVE Catalog
CVE-2026-41701
MediumCVSS 4.4Exploitation Probability (EPSS)
Low risk0.17%
7th percentile - higher than 7% of all known CVEs
Summary
Correlation IDs for replies in RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to an internal simple counter.
Risk Assessment
The predictability of correlation IDs may lead to unauthorized access to data or message manipulation within the system.
Recommendation
It is recommended to upgrade to the latest version of Spring AMQP to mitigate this vulnerability.
Original NVD description (English source)
Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.

