Eclipse Foundation Eclipse Openmq vulnerabilities
2 known vulnerabilities affecting eclipse_foundation/eclipse_openmq.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2026-22886P2CRITICALCVSS 9.8v02026-03-03
CVE-2026-22886 [CRITICAL] CWE-1391 CVE-2026-22886: OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication.
OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires
authentication. However, the product ships with a default administrative account (admin/
admin) and does not enforce a mandatory password change on first use. After the first
successful login, the server continues to accept the default password indefinitely without
nvd
CVE-2026-24457P2CRITICALCVSS 9.8≤ 6.5.12026-03-05
CVE-2026-24457 [CRITICAL] CWE-22 CVE-2026-24457: An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a
An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.
nvd