Ctrl + K
/ news / CVE
CVEPublished 2026-05-20Modified 2026-05-210 articles on news6 live referencesNVD data

CVE-2026-9133

Vulnerability data via NVD (ingested)

CVSS v3.1
7.7
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS percentile
Weaknesses (CWE)
CWE-489Active Debug Code
Description

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. To remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys.

Timeline
Published 2026-05-20
Modified 2026-05-21

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-9133
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-9133
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-9133
Censys host search filtered to this CVE id.
grep.app
CVE-2026-9133
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-9133
GitHub code search for direct mentions.
Google dork
"CVE-2026-9133" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (1)

CVE-2026-91331 repo
hugefiver/mystarsunknown
★ 16·updated 1d ago
We haven't classified any articles referencing CVE-2026-9133 yet. The external references above still apply.