CVE-2026-22886 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 3, 2026
OpenMQ - Authentication Bypass
Published: March 3, 2026Updated: March 3, 2026Remote Exploitable
Overview
OpenMQ contains a broken authentication caused by default administrative credentials (admin/admin) with no mandatory password change, letting remote attackers authenticate as admin and gain full control, exploit requires access to management service port.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Remote attackers can authenticate as admin and gain full control over administrative features, leading to complete system compromise.
Mitigation
Change default credentials and enforce mandatory password change on first use or update to latest version with this enforcement.
Related Resources
Details
- CVE ID
- CVE-2026-22886
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_authentication
- Status
- new
CWE
- CWE-1391
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H