CVE-2026-39920

Name of the Vulnerable Software and Affected Versions BridgeHead FileStore versions prior to 24A

Description The Apache Axis2 administration module is exposed on network-accessible endpoints and uses default credentials. This allows unauthenticated remote attackers to gain administrative control over the module. An attacker can authenticate using these default credentials, upload a malicious Java archive as a web service, and execute arbitrary OS commands on the host via SOAP requests to the deployed service.

Recommendations Update to version 24A.