OpenCVE

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Eclipse	Openmq

No data.

No data.

References

Link	Providers
https://gitlab.eclipse.org/security/cve-assignment/-/issues/84

History

Fri, 06 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Mar 2026 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Eclipse Eclipse openmq
Vendors & Products		Eclipse Eclipse openmq

Thu, 05 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.
Weaknesses		CWE-22 CWE-27
References		https://gitlab.eclipse.org/security/cve-assignment/-/issues/84
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2026-03-05T16:27:30.984Z

Updated: 2026-03-06T16:11:32.915Z

Reserved: 2026-01-23T11:07:26.456Z

Link: CVE-2026-24457

Vulnrichment

Updated: 2026-03-06T16:00:32.917Z

NVD

Status : Awaiting Analysis

Published: 2026-03-05T19:16:02.780

Modified: 2026-03-05T19:38:33.877

Link: CVE-2026-24457

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24457", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "state": "PUBLISHED", "assignerShortName": "eclipse", "dateReserved": "2026-01-23T11:07:26.456Z", "datePublished": "2026-03-05T16:27:30.984Z", "dateUpdated": "2026-03-06T16:11:32.915Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Eclipse OpenMQ", "repo": "https://github.com/eclipse-ee4j/openmq", "vendor": "Eclipse Foundation", "versions": [{"lessThanOrEqual": "6.5.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Camilo G. AkA Dedalo (DeepSecurity Per\u00fa)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ\u2019s host OS. In some scenarios RCE could be achieved.<br>"}], "value": "An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ\u2019s host OS. In some scenarios RCE could be achieved."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-27", "description": "CWE-27 Path Traversal: 'dir/../../filename'", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-03-05T16:27:30.984Z"}, "references": [{"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/84"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T16:00:31.715526Z", "id": "CVE-2026-24457", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T16:11:32.915Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24457", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-06T16:00:31.715526Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T16:00:32.917Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Camilo G. AkA Dedalo (DeepSecurity Per\u00fa)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/eclipse-ee4j/openmq", "vendor": "Eclipse Foundation", "product": "Eclipse OpenMQ", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.5.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/84"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ\u2019s host OS. In some scenarios RCE could be achieved.", "supportingMedia": [{"type": "text/html", "value": "An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ\u2019s host OS. In some scenarios RCE could be achieved.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-27", "description": "CWE-27 Path Traversal: 'dir/../../filename'"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-03-05T16:27:30.984Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24457", "state": "PUBLISHED", "dateUpdated": "2026-03-06T16:11:32.915Z", "dateReserved": "2026-01-23T11:07:26.456Z", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "datePublished": "2026-03-05T16:27:30.984Z", "assignerShortName": "eclipse"}, "dataVersion": "5.2"}