CVE-2026-22886 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 3, 2026
OpenMQ - Authentication Bypass
Overview
OpenMQ has a broken authentication flaw caused by default administrative credentials (admin/admin) with no mandatory password change. Remote attackers can authenticate as admin and gain full control. Exploitation requires access to the management service port.
Impact
Remote attackers can authenticate as admin and gain full control over administrative features, leading to complete system compromise.
Mitigation
Change the default credentials and enforce a mandatory password change on first use, or update to the latest version that includes this enforcement.
Social Media Activity (2 posts)
CVE-2026-22886 - Critical (9.8) OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/admin) and does not enforce a mandatory password change on first use. Afte... https://www.thehackerwire.com/vulnerability/CVE-2026-22886/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
CRITICAL: CVE-2026-22886 in Eclipse OpenMQ lets remote attackers fully compromise brokers via default admin/admin creds if mgmt service is open. Disable unneeded services & update passwords now! https://radar.offseq.com/threat/cve-2026-22886-cwe-1392-use-of-default-credentials-68ab8e2b #OffSeq #CVE202622886 #EclipseOpenMQ #infosec
Details
- CVE ID: CVE-2026-22886
- Severity: Critical
- CVSS Score: 9.8
- Type: broken_authentication
- Status: unconfirmed
- EPSS: 15.8%
- Social Posts: 2
CWE
- CWE-1391
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H