CVE-2026-9844
Description
Roche Diagnostics navify Digital Pathology is vulnerable to default credentials, allowing unauthorized access via the RabbitMQ Management interface.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability exists in Roche Diagnostics navify Digital Pathology, specifically within the RabbitMQ Management interface modules, due to the use of default usernames and passwords. This issue affects versions from 2.0.0 before 2.4.1.
Exploitation
An attacker can exploit this vulnerability by leveraging the default credentials that are present in the RabbitMQ Management interface. This would allow them to gain unauthorized access to the system without needing any special privileges or user interaction, provided they have network access to the affected interface.
Impact
Successful exploitation of this vulnerability allows an attacker to gain unauthorized access to the RabbitMQ Management interface, potentially leading to information disclosure, unauthorized configuration changes, or further compromise of the system, depending on the privileges associated with the default credentials.
Mitigation
Roche Diagnostics has released updates to rectify this flaw. Customers should update to the latest version of navify Digital Pathology. Specific version information for the fix is not detailed in the provided references, but customers are advised to contact their Roche Diagnostics representative for update schedules and further information. As a general security measure, Roche recommends controlling network access to devices and configuring the operating environment according to installation guidelines and product manual recommendations [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: >=2.0.0 <2.4.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions
No linked articles in our index yet.