CNNVD-202602-2082 Information
CNNVD ID
CNNVD-202602-2082
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
lavinmq是CloudAMQP开源的一个消息队列和流媒体服务器。 LavinMQ 2.6.8之前版本存在安全漏洞,该漏洞源于具有Policymaker标签的认证用户可绕过访问控制创建shovels,可能导致读取或发布未授权虚拟主机的消息。
Description (English)
Lavinmq is an open-source news queue and streaming media server for ClaudeAMQP. The previous version of LavinMQ 2.6.8 had a security loophole, which stemmed from the fact that a certified user with the Polycymaker label could create a shovels by bypassing access controls, which could lead to reading or publishing unauthorized virtual hosts.
Vulnerability Type
其他
Affected Vendor
CloudAMQP
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/cloudamqp/lavinmq/commit/3a83e5894495b60c7c32a79c3dbc9bd9fa237d9a https://github.com/cloudamqp/lavinmq/commit/be03da31f3db1a2552f7094ff58e953ef50cdc82 https://github.com/cloudamqp/lavinmq/pull/1670 https://github.com/cloudamqp/lavinmq/pull/1687 https://github.com/cloudamqp/lavinmq/security/advisories/GHSA-wh37-6vrr-r9wg
Patch
https://github.com/cloudamqp/lavinmq/releases
Share on: