CRITICAL🇵🇱 Wersja polska

CVE-2026-24457

CVSS 9.1v3.1pub. 2026-03-05upd. 2026-04-15

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Eclipse Openmq

    APP
    Eclipse
    ≤ 6.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2026-22886CRITICAL9.8PL ✓ten sam produkt

Eclipse OpenMQ — domyślne dane logowania umożliwiają przejęcie kontroli

CVE-2026-2586CRITICAL9.1ten sam vendor

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...

CVE-2026-2587CRITICAL9.6ten sam vendor

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...

CVE-2026-1699CRITICAL10.0PL ✓ten sam vendor

Eclipse Theia Website: RCE w CI/CD przez podatny trigger GitHub Actions

CVE-2025-67109CRITICAL10.0PL ✓ten sam vendor

Eclipse Cyclone DDS — błędna weryfikacja czasu certyfikatu umożliwia eskalację uprawnień