CVE-2026-22886
📋 TL;DR
OpenMQ's management service ships with default admin credentials (admin/admin) that are never forced to change, allowing remote attackers who can reach the service port to authenticate as administrators. This affects all OpenMQ deployments where the imqbrokerd service is enabled with default settings.
💻 Affected Systems
- OpenMQ
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full administrative control of OpenMQ broker, allowing message queue manipulation, service disruption, data exfiltration, and potential lateral movement.
Likely Case
Unauthorized administrative access leading to message queue manipulation, service configuration changes, and potential data exposure.
If Mitigated
Limited to authenticated attacks only, requiring network access to the management port.
🎯 Exploit Status
Exploitation requires only default credentials and network access to management port.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not applicable - configuration issue
Vendor Advisory: https://gitlab.eclipse.org/security/cve-assignment/-/issues/85
Restart Required: No
Instructions:
1. Change default admin password immediately.
2. Consider disabling the management service if not needed.
3. Implement network access controls to restrict access to management port.
🔧 Temporary Workarounds
Change Default Password
All platforms: change the default admin password to a strong, unique password
imqusermgr update -u admin -p <new_password>
Disable Management Service
All platforms: disable the imqbrokerd management service if not required
Edit imqbrokerd configuration to disable management service
🧯 If You Can't Patch
- Implement strict network segmentation to isolate OpenMQ management port
- Deploy network-based authentication proxy in front of management service
🔍 How to Verify
Check if Vulnerable:
Attempt to authenticate to imqbrokerd management service using admin/admin credentials
Check Version:
imqbrokerd -version
Verify Fix Applied:
Verify authentication fails with default credentials and requires new password
📡 Detection & Monitoring
Log Indicators:
- Successful authentication with admin user
- Multiple failed authentication attempts followed by success
Network Indicators:
- TCP connections to OpenMQ management port (default 7676)
- Authentication attempts to imqbrokerd service
SIEM Query:
source="openmq" AND (event="authentication success" AND user="admin")
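The two log indicators above can be combined into one detection. The following is an added example, not code from the advisory or from the OpenMQ project. It assumes authentication events have already been normalized into records with the `event` and `user` fields used in the SIEM query, plus hypothetical `ts` and `src` fields; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real OpenMQ log output). `event` and `user`
# mirror the SIEM query above; `ts` and `src` are assumed field names.
SAMPLE_EVENTS = [
    {"ts": "2026-01-10T02:14:01", "src": "10.0.5.23", "user": "admin", "event": "authentication failure"},
    {"ts": "2026-01-10T02:14:03", "src": "10.0.5.23", "user": "admin", "event": "authentication failure"},
    {"ts": "2026-01-10T02:14:06", "src": "10.0.5.23", "user": "admin", "event": "authentication failure"},
    {"ts": "2026-01-10T02:14:09", "src": "10.0.5.23", "user": "admin", "event": "authentication success"},
    {"ts": "2026-01-10T09:00:00", "src": "10.0.1.10", "user": "admin", "event": "authentication success"},
    {"ts": "2026-01-10T09:30:00", "src": "10.0.1.11", "user": "guest", "event": "authentication success"},
    {"ts": "2026-01-10T10:00:00", "src": "10.0.7.7", "user": "admin", "event": "authentication failure"},
    {"ts": "2026-01-10T10:20:00", "src": "10.0.7.7", "user": "admin", "event": "authentication success"},
]


def find_admin_alerts(events, user="admin", window=timedelta(minutes=5), min_failures=3):
    """Alert on every successful login as `user`; raise severity to "high" when
    at least `min_failures` failures from the same source precede it in `window`."""
    recent_failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort lexically
        if ev["user"] != user:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        fails = recent_failures[ev["src"]]
        while fails and ts - fails[0] > window:  # drop failures outside the window
            fails.popleft()
        if ev["event"] == "authentication failure":
            fails.append(ts)
        elif ev["event"] == "authentication success":
            alerts.append({
                "ts": ev["ts"],
                "src": ev["src"],
                "prior_failures": len(fails),
                "severity": "high" if len(fails) >= min_failures else "review",
            })
            fails.clear()  # start a fresh count after a success
    return alerts


if __name__ == "__main__":
    for alert in find_admin_alerts(SAMPLE_EVENTS):
        print(alert)
```

Alerts marked "review" are worth comparing against the list of hosts that are expected to administer the broker.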