CVE-2026-24457

CRITICAL

Eclipse Open Message Queue < 6.5.1 - Path Traversal and Remote Code Execution via Configuration Parsing

Title source: llm

Description

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.

References (1)

Core 1

Core References

Issue Tracking

https://gitlab.eclipse.org/security/cve-assignment/-/issues/84

Scores

CVSS v3 9.1

EPSS 0.0009

EPSS Percentile 25.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22 CWE-27

Status published

Products (2)

eclipse/open_message_queue < 6.5.1

eclipse/openmq < 6.5.1

Published Mar 05, 2026

Tracked Since Mar 06, 2026