CVE-2026-24457

Summary

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.

Affected Software

VendorProductVersion RangeStatus
Eclipse FoundationEclipse OpenMQ0 <= 6.5.1affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-27: CWE-27 Path Traversal: 'dir/../../filename'

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References