VYPR

Openmq

by Eclipse

CVEs (2)

  • CVE-2026-22886CriMar 3, 2026
    risk 0.64cvss 9.8epss 0.00

    OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforce a mandatory password change on first use. After the first successful login,…

  • CVE-2026-24457CriMar 5, 2026
    risk 0.59cvss 9.1epss 0.01

    An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.