CVE-2026-24457

CRITICAL EPSS 45.0%

Published Mar 5, 20263mo ago · Modified Apr 15, 20262mo ago

9.8 CVSS 3.1

Critical

Published Mar 5, 2026 3mo ago

Last Modified Apr 15, 2026 2mo ago

Description

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.

CVSS Details

Base Score

9.8

Exploitability

3.9

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

45.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-22 Path Traversal Resource Mgmt

CWE-27

Affected Products 1

Vendor	Product	Version	Range
eclipse	openmq	*	≤6.5.1

References 1

gitlab.eclipse.org https://gitlab.eclipse.org/security/cve-assignment/-/issues/84

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.