CVE-2026-44393
Summary
| CVE | CVE-2026-44393 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-04 16:16:38 UTC |
| Updated | 2026-06-30 03:19:53 UTC |
| Description | An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the expected broker hostname into the underlying TLS stack. Any certificate signed by the deployment CA is accepted regardless of hostname, allowing an attacker who can intercept control-plane traffic to impersonate the RabbitMQ broker and perform a man-in-the-middle attack on RPC and notification traffic. All OpenStack services using oslo.messaging with RabbitMQ over TLS are affected. |
Risk And Classification
Primary CVSS: v3.1 7.4 HIGH from ADP
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.001600000 probability, percentile 0.055620000 (date 2026-07-04)
Problem Types: CWE-297 | CWE-295 | n/a | CWE-297 CWE-297 Improper Validation of Certificate with Host Mismatch | CWE-295 Improper Certificate Validation
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | ADP | CVSS | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
NoneCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 16.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 17.1 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenStack Platform 18.0 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| bugs.launchpad.net/oslo.messaging/+bug/2150316 | [email protected] | bugs.launchpad.net | |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| access.redhat.com/security/cve/CVE-2026-44393 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44393.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| wiki.openstack.org/wiki/OSSN/OSSN-0096 | [email protected] | wiki.openstack.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-06-04T16:01:33.285Z | Reported to Red Hat. |
| ADP | 2026-06-04T00:00:00.000Z | Made public. |
Workarounds
ADP: To mitigate the risk of man-in-the-middle attacks, restrict network access to the RabbitMQ message broker. Configure firewall rules to permit inbound connections to the RabbitMQ port (typically 5672 or 5671 for AMQPS) only from authorized hosts and services within the control plane. This operational measure reduces the exposure to attackers attempting to intercept and impersonate the broker.
There are currently no legacy QID mappings associated with this CVE.