PT-2026-22725 · Eclipse · Eclipse Openmq

Camilo G +1 · Published 2026-03-03 · Updated 2026-03-03 · CVE-2026-22886

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Eclipse OpenMQ (affected versions not specified)

Description

Eclipse OpenMQ includes a TCP-based management service (imqbrokerd) that requires authentication by default. The product is shipped with a default administrative account (admin/admin) and does not enforce a mandatory password change upon first use. The server continues to accept the default password indefinitely after the initial successful login, without any warning or enforcement. An attacker with access to the service port could authenticate as an administrator and gain full control of the protocol's administrative features.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2026-22886

Affected Products

Eclipse Openmq