HIGH | CVE-2026-9844 | CNA: Roche

CVE-2026-9844: Vulnerability in navify® Digital Pathology

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1.

Metrics

CVSS v4.0 score: 8.8
Severity: HIGH
Fixed in: not listed in the record
Affected products: 1


HarborGuard Analysis

Synopsis

Roche Diagnostics navify Digital Pathology ships its RabbitMQ Management interface modules with well-known default usernames and passwords that remain active (CWE-1392, Use of Default Credentials). Anyone who can reach the management interface over the network can therefore log in without any legitimately issued credential; no separate authentication weakness is needed. The affected range is 2.0.0 up to but not including 2.4.1. Successful exploitation lets an attacker tamper with message queues and disrupt pathology processing workflows, and read a limited amount of configuration data. The record's fixed-in field is empty; HarborGuard tracks this advisory for a published fix version.

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-9844 is available across every HarborGuard environment: the CVE is ingested from upstream feeds shortly after publication and matched against customer images, including internally built images that incorporate navify Digital Pathology components. Any image found to include an affected version of the navify Digital Pathology RabbitMQ modules is flagged in the customer's pipeline.

Triage: Available

HarborGuard scores this CVE at 8.8 HIGH using the CVSS v4.0 vector and applies per-environment compliance policy weighting to escalate or suppress noise based on how the customer has classified this image class. Triage results are routed to the appropriate team inbox within each customer organization according to their configured policy mappings.

Patch: Pending upstream

Because the record lists no fix version, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available once Roche publishes one. In the meantime, the advisory status is continuously surfaced in each customer's open-vulnerability queue so the issue cannot age out of visibility.

Exploit Conditions

  • Network reachability: Required

    The RabbitMQ Management interface is exposed over the network, so an attacker must be able to reach the service on its network port to attempt credential login.

  • Authentication: Not required

    No credentials beyond the publicly documented defaults are needed; the vulnerability exists precisely because default credentials remain valid and unrotated.

  • Victim interaction: Not required

    No user action or social engineering is needed; the attacker interacts directly with the RabbitMQ Management interface without involving any human victim.

  • Attack complexity: Low

    The exploit is reliable and requires no special timing, race conditions, or environmental setup beyond network access to the interface.

Blast Radius

  • Reads limited configuration data and internal queue metadata visible through the RabbitMQ Management interface.
  • Modifies, deletes, or injects messages into pathology processing queues, corrupting or redirecting diagnostic workflows.
  • Crashes or destabilizes the RabbitMQ broker, taking down the messaging layer that navify Digital Pathology depends on for scan distribution and result delivery.
  • Achieves limited lateral visibility into downstream systems that consume or publish to the same broker, based on low-severity scope impact to adjacent components.

How HarborGuard Handles This

Available on HarborGuard: CVE-2026-9844 is tracked continuously while the record carries no fix version. Every ingest cycle re-checks the Roche advisory, and a patched-image rebuild will become available automatically once Roche publishes a remediated version. Until then, compensating controls are recommended: apply network policy so that the RabbitMQ Management port (15672 by default; 15671 when TLS is enabled) is reachable only from known administrative hosts; on every deployed instance, delete or re-password the default RabbitMQ accounts and create a dedicated administrator with a strong, unique password; and apply ingress filtering (host firewall, security group, or Kubernetes NetworkPolicy) so the broker's AMQP and management listeners are not reachable from general networks. One caveat for practitioners: stock RabbitMQ has restricted the built-in guest account to loopback connections since 3.3.0 (the loopback_users setting), so a deployment that accepts default credentials remotely has either relaxed that setting or provisioned additional default accounts; check the vendor-supplied definitions file and rabbitmq.conf for both. For customers with auto-remediation enabled, the rebuild-and-PR flow will trigger without manual intervention once a fix version is available, with a median time from CVE publication to merged patch PR of around 90 minutes for high-severity issues in those environments.
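To verify the compensating controls above, an operator needs a safe way to confirm whether a broker still accepts default logins. The script below is an added example, not Roche, RabbitMQ, or HarborGuard code. It probes the management API's /api/whoami endpoint, which answers 200 only for a valid login and touches no queue or exchange, with a small constructed list of candidate default credentials. The broker hostname is hypothetical, and the candidate list is a constructed sample to be extended from the product's own documentation; the HTTP call is injectable so the decision logic can be exercised without a live broker.

```python
"""Probe a RabbitMQ Management API for accepted default credentials.

Added example for the CVE-2026-9844 record; not vendor or scanner code.
Assumptions (labelled): the management API is served at /api/whoami on the
management port, the candidate list is a constructed sample, and the target
host in __main__ is hypothetical.
"""
import base64
import urllib.error
import urllib.request
from typing import Callable, Iterable, List, Tuple

Credential = Tuple[str, str]

# Constructed sample: the stock RabbitMQ default plus common vendor defaults.
DEFAULT_CANDIDATES: Tuple[Credential, ...] = (
    ("guest", "guest"),
    ("admin", "admin"),
    ("rabbitmq", "rabbitmq"),
)


def http_status(url: str, user: str, password: str, timeout: float = 5.0) -> int:
    """Return the HTTP status of a GET with HTTP Basic auth (real network call)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        # 401 (bad credentials) and other error codes arrive here.
        return exc.code


def probe_default_credentials(
    base_url: str,
    candidates: Iterable[Credential] = DEFAULT_CANDIDATES,
    fetch: Callable[[str, str, str], int] = http_status,
) -> List[Credential]:
    """Return every (user, password) pair the management API accepts.

    /api/whoami returns the authenticated user's record with status 200 and
    401 for rejected logins, so it is a read-only oracle for this check.
    """
    url = base_url.rstrip("/") + "/api/whoami"
    accepted: List[Credential] = []
    for user, password in candidates:
        if fetch(url, user, password) == 200:
            accepted.append((user, password))
    return accepted


def verdict(accepted: List[Credential]) -> str:
    """Summarise the probe result as a one-line finding."""
    if not accepted:
        return "PASS: no candidate default credential accepted"
    users = ", ".join(user for user, _ in accepted)
    return f"FAIL: default credentials accepted for: {users}"


if __name__ == "__main__":
    # Hypothetical host; replace with the broker under test.
    target = "http://broker.example.internal:15672"
    print(verdict(probe_default_credentials(target)))
```

Run it from an administrative host against each deployed broker before and after remediation; a FAIL on a host that is not the broker itself also proves the network restriction is not yet in place. Remediation on the broker is then done with rabbitmqctl (delete_user for unneeded default accounts, change_password for any that must stay, add_user plus set_user_tags administrator and set_permissions for the replacement administrator), after which the probe should report PASS.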

Affected packages
  • Roche Diagnostics / navify Digital Pathology
    ≥ 2.0.0, < 2.4.1
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:D/RE:M/U:Green