CVE-2026-39920

Description

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary commands on the host via SOAP requests to the deployed service.

CVSS v3.1 Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS — Exploit Prediction

0.0026

Probability of exploitation

0.49%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-1188 CWE-1188

CWE-1391 CWE-1391

References

Other References

https://axis.apache.org/axis2/java/core/docs/webadminguide.html https://gist.github.com/VAMorales/9e6a13d7529c079a363930dff48be3ba https://issues.apache.org/jira/browse/AXIS2-4279 https://www.bridgeheadsoftware.com/rapid-data-protection-product-updates/ https://www.vulncheck.com/advisories/bridgehead-filestore-24a-apache-axis2-default-credentials-rce

Frequently Asked Questions

What is CVE-2026-39920? +

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary commands on the host via SOAP requests to the deployed service. It has a CVSS v3.1 base score of 9.8 (CRITICAL).

How severe is CVE-2026-39920? +

CVE-2026-39920 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately. The EPSS score is 0.0026, placing it in the 0th percentile for exploitation probability.

How do I check if I'm vulnerable to CVE-2026-39920? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-8313

An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default …

CVE-2024-5801

Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by …

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific …

CVE-2024-51758

Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the …

CVE-2026-6866

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when …

CVE-2026-44670

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV / database) names …