CVE-2026-24457

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.eclipse.org/security/cve-assignment/-/issues/84	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:open_message_queue:*:*:*:*:*:*:*:*

History

10 Mar 2026, 19:52

Type	Values Removed	Values Added
Summary		(es) Un análisis inseguro de la configuración de OpenMQ permite a un atacante remoto leer archivos arbitrarios de un servidor de MQ Broker. Una explotación completa podría leer archivos no autorizados del sistema operativo anfitrión de OpenMQ. En algunos escenarios se podría lograr RCE.
CPE		cpe:2.3:a:eclipse:open_message_queue::::::::
References	~~() https://gitlab.eclipse.org/security/cve-assignment/-/issues/84 -~~	() https://gitlab.eclipse.org/security/cve-assignment/-/issues/84 - Vendor Advisory
First Time		Eclipse open Message Queue Eclipse

05 Mar 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-05 19:16

Updated : 2026-03-10 19:52

NVD link : CVE-2026-24457

Mitre link : CVE-2026-24457

CVE.ORG link : CVE-2026-24457

JSON object : View

Products Affected

eclipse

open_message_queue

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-27

Path Traversal: 'dir/../../filename'

{"id": "CVE-2026-24457", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "emo@eclipse.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-03-05T19:16:02.780", "references": [{"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/84", "tags": ["Vendor Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-27"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ\u2019s host OS. In some scenarios RCE could be achieved."}, {"lang": "es", "value": "Un an\u00e1lisis inseguro de la configuraci\u00f3n de OpenMQ permite a un atacante remoto leer archivos arbitrarios de un servidor de MQ Broker. Una explotaci\u00f3n completa podr\u00eda leer archivos no autorizados del sistema operativo anfitri\u00f3n de OpenMQ. En algunos escenarios se podr\u00eda lograr RCE."}], "lastModified": "2026-03-10T19:52:11.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:open_message_queue:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D42A9C-4DB4-4007-8988-F5F53064B94B", "versionEndIncluding": "6.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}