HIGH | Remediated

CVE-2026-3847

AMQP 1.0 frame parsing heap overflow

Technology: RabbitMQ

CVSS Score: 8.6 / 10.0

Affected Versions: 3.13.0 – 3.13.7

Patched In: OSSeva for RabbitMQ 3.13.7-1

Published: April 1, 2026

Remediated: April 13, 2026

Description

A heap overflow in the AMQP 1.0 frame parser allows a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code by sending a crafted AMQP 1.0 OPEN frame.

Is your RabbitMQ deployment affected?

If you're running 3.13.0 – 3.13.7, you need this patch.