9.8

Apache ActiveMQ Remote File Access via Malicious Configuration

CVE-2026-24457
Summary

An attacker can access sensitive files on your server by exploiting a weakness in how Apache ActiveMQ handles configuration files. This could let them read files they shouldn't be able to access. You should update to the latest version of ActiveMQ to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
| --- | --- | --- | --- |
| eclipse | open_message_queue | <= 6.5.1 | |
Original title
An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. I...
Original description
An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.
NVD CVSS 3.1: 9.1
Vulnerability type
CWE-22 Path Traversal
CWE-27
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026