An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HEclipse Openmq
APPEclipse≤ 6.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
Related vulnerabilities
CVE-2026-22886CRITICAL9.8PL ✓ten sam produkt
Eclipse OpenMQ — domyślne dane logowania umożliwiają przejęcie kontroli
CVE-2026-2586CRITICAL9.1ten sam vendor
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...
CVE-2026-2587CRITICAL9.6ten sam vendor
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...
CVE-2026-1699CRITICAL10.0PL ✓ten sam vendor
Eclipse Theia Website: RCE w CI/CD przez podatny trigger GitHub Actions
CVE-2025-67109CRITICAL10.0PL ✓ten sam vendor
Eclipse Cyclone DDS — błędna weryfikacja czasu certyfikatu umożliwia eskalację uprawnień