CVE-2026-25768

Publication date

2026-02-12 19:52:50

Family

GitHub_M

State

PUBLISHED

Description

LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6.