Home / Vulnerability Intelligence / CVE-2026-24457

CVE-2026-24457 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 5, 2026

OpenMQ - Information Disclosure & Remote Code Execution

Published: March 5, 2026Updated: March 5, 2026Remote Exploitable

Overview

OpenMQ contains an unsafe configuration parsing vulnerability that allows remote attackers to read arbitrary files from the MQ Broker's server, potentially leading to unauthorized file access and remote code execution.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 19.4%(Probability of exploitation in next 30 days)

Impact

Remote attackers can read unauthorized files and potentially execute code, leading to full system compromise.

Mitigation

Update OpenMQ to the latest version to address unsafe configuration parsing.

References

https://gitlab.eclipse.org/security/cve-assignment/-/issues/84

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 8, 2026

🔴 CVE-2026-24457 - Critical (9.1) An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24457/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-24457
Severity: Critical
CVSS Score: 9.1
Type: undefined
Status: unconfirmed
EPSS: 19.4%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score

19.4%Probability of exploitation in the next 30 days