{"id":"CVE-2026-24457","details":"An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.","modified":"2026-07-15T01:48:58.529526042Z","published":"2026-03-05T16:27:30.984Z","database_specific":{"cwe_ids":["CWE-22","CWE-27"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24457.json","cna_assigner":"eclipse"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24457.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24457"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/84"},{"type":"PACKAGE","url":"https://github.com/eclipse-ee4j/openmq"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-ee4j/openmq","events":[{"introduced":"0"},{"last_affected":"285f36b659ec339893db8823dde52526a505c14a"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"6.5.1"}],"source":"AFFECTED_FIELD"}}],"versions":["6.5.1-RELEASE","6.5.0-RELEASE","initial-contribution"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24457.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}