CVE-2026-25768 – LavinMQ is missing vhost access control

CVE ID : CVE-2026-25768

Published : Feb. 12, 2026, 7:52 p.m. | 34 minutes ago

Description : LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…