Friday April 03, 2026

Advisory ID:   ngCERT-2026-030003

SUMMARY

ngCERT has identified publicly accessible Advanced Message Queuing Protocol (AMQP) services in certain Critical National Infrastructures. This exposure may permit unauthorized access and operational disruption, particularly in IoT environments. Organisations are advised to secure and remediate their systems promptly.

DESCRIPTION

AMQP is an open standard, broker-based messaging protocol that enables secure and reliable communication between producers and consumers through exchanges and queues, supporting message acknowledgement, persistence, and routing. Successful exploitation of an accessible AMQP service may result in traffic flooding, denial of service, resource exhaustion, Man-in-the-Middle (MitM) attacks, and unauthorized access through misconfigured virtual hosts or queues. Such exposures are especially critical in operational technology, industrial automation, healthcare, energy, financial services, and other essential sectors where message integrity and availability are mission-critical.

Damage:      Critical 

Probability:  High

Platform(s):  IoT

CONSEQUENCES

If successfully exploited, the vulnerability may result in:

    1. Disruption of IoT services and operational downtime
    2. Resource exhaustion affecting system performance and availability
    3. Unauthorized interception or manipulation of sensitive data
    4. Execution of malicious or unauthorized commands
    5. Compromise of system integrity, leading to reputational, financial, regulatory, and potential national security impacts in Critical National Infrastructure environments.

SOLUTION/MITIGATION

ngCERT recommends the following:

    1. Restrict public exposure of Accessible AMQP services and limit access to trusted networks.
    2. Enforce TLS encryption and strong authentication mechanisms.
    3. Remove default credentials and apply network segmentation and traffic controls.
    4. Enable continuous monitoring and logging for suspicious activities.
    5. Regularly update and patch IoT devices and AMQP broker software, and report confirmed incidents to ngCERT on 090 5555 4499.
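
The following check is an added example, not part of the ngCERT advisory. It assumes the broker is RabbitMQ configured through rabbitmq.conf and flags settings that conflict with recommendations 1 to 3; the function names, finding codes, file paths and both sample configurations are constructed for illustration.

```python
# Added example, not ngCERT code. Assumes a RabbitMQ broker configured
# through rabbitmq.conf; both sample configs below are constructed.
LOOPBACK = ("127.0.0.1:", "localhost:", "::1:")

def parse_conf(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return sorted finding codes for one rabbitmq.conf."""
    conf = parse_conf(text)
    findings = set()
    tcp = [v for k, v in conf.items() if k.startswith("listeners.tcp.")]
    ssl = [v for k, v in conf.items() if k.startswith("listeners.ssl.")]
    # Recommendations 1 and 2: plaintext AMQP stays on unless set to "none";
    # with no listeners.tcp.* key the broker binds 5672 on every interface.
    if conf.get("listeners.tcp") != "none":
        findings.add("PLAINTEXT_LISTENER")
        if not tcp or any(not v.startswith(LOOPBACK) for v in tcp):
            findings.add("PLAINTEXT_ON_ALL_INTERFACES")
    if not ssl:
        findings.add("NO_TLS_LISTENER")
    elif conf.get("ssl_options.verify") != "verify_peer":
        # Assumed policy: "strong authentication" means client certificates.
        findings.add("TLS_WITHOUT_PEER_VERIFICATION")
    # Recommendation 3: the built-in guest account is loopback-only unless
    # loopback_users is relaxed.
    if conf.get("loopback_users") == "none" or conf.get("loopback_users.guest") == "false":
        findings.add("GUEST_REMOTE_LOGIN")
    return sorted(findings)

WEAK = """
listeners.tcp.default = 5672      # plaintext, all interfaces
loopback_users = none             # guest account usable remotely
"""

HARDENED = """
listeners.tcp = none
listeners.ssl.default = 5671
ssl_options.cacertfile = /etc/rabbitmq/ca.pem
ssl_options.certfile = /etc/rabbitmq/server.pem
ssl_options.keyfile = /etc/rabbitmq/server.key
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
"""
```

Calling audit() on the text of a broker's own rabbitmq.conf returns an empty list when none of these conditions is present.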
