{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T14:14:29.473","vulnerabilities":[{"cve":{"id":"CVE-2026-22886","sourceIdentifier":"emo@eclipse.org","published":"2026-03-03T10:16:06.267","lastModified":"2026-04-09T19:47:40.263","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires\nauthentication. However, the product ships with a default administrative account (admin/\nadmin) and does not enforce a mandatory password change on first use. After the first\nsuccessful login, the server continues to accept the default password indefinitely without\nwarning or enforcement.\n\n\nIn real-world deployments, this service is often left enabled without changing the default\ncredentials. As a result, a remote attacker with access to the service port could authenticate\nas an administrator and gain full control of the protocol’s administrative features."},{"lang":"es","value":"OpenMQ expone un servicio de gestión basado en TCP (imqbrokerd) que por defecto requiere autenticación. Sin embargo, el producto se envía con una cuenta administrativa por defecto (admin/admin) y no impone un cambio de contraseña obligatorio en el primer uso. Después del primer inicio de sesión exitoso, el servidor continúa aceptando la contraseña por defecto indefinidamente sin advertencia ni imposición.\n\nEn implementaciones del mundo real, este servicio a menudo se deja habilitado sin cambiar las credenciales por defecto. Como resultado, un atacante remoto con acceso al puerto del servicio podría autenticarse como administrador y obtener control total de las características administrativas del protocolo."}],"metrics":{"cvssMetricV31":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"emo@eclipse.org","type":"Primary","description":[{"lang":"en","value":"CWE-1391"},{"lang":"en","value":"CWE-1392"},{"lang":"en","value":"CWE-1393"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:openmq:*:*:*:*:*:*:*:*","matchCriteriaId":"24992257-6690-46E1-962A-2D9CE0815B85"}]}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/85","source":"emo@eclipse.org","tags":["Issue Tracking","Vendor Advisory"]}]}}]}