{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-9844","assignerOrgId":"5cdcf916-2b10-4ec8-bfc1-d054821e439e","state":"PUBLISHED","assignerShortName":"Roche","dateReserved":"2026-05-28T13:34:24.678Z","datePublished":"2026-06-02T13:23:45.761Z","dateUpdated":"2026-06-02T15:09:09.840Z"},"containers":{"cna":{"providerMetadata":{"orgId":"5cdcf916-2b10-4ec8-bfc1-d054821e439e","shortName":"Roche","dateUpdated":"2026-06-02T13:23:45.761Z"},"title":"Vulnerability in navify® Digital Pathology","datePublic":"2026-05-29T15:52:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-1392","description":"CWE-1392 Use of default credentials","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-70","descriptions":[{"lang":"en","value":"CAPEC-70 Try Common or Default Usernames and Passwords"}]}],"affected":[{"vendor":"Roche Diagnostics","product":"navify Digital Pathology","modules":["RabbitMQ Management interface"],"versions":[{"status":"affected","version":"2.0.0","lessThanOrEqual":"2.4.1","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1.","supportingMedia":[{"type":"text/html","base64":false,"value":"Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords.&nbsp;<span>This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1.</span>"}]}],"references":[{"url":"https://diagnostics.roche.com/global/en/legal/product-security-advisory.html","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"GREEN","version":"4.0","baseSeverity":"HIGH","baseScore":8.8,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:D/RE:M/U:Green"}}],"solutions":[{"lang":"en","value":"Change the default password for the guest user from the factory settings to a secure, unique password.","supportingMedia":[{"type":"text/html","base64":false,"value":"<span>Change the default password for the guest user from the factory settings to a secure, unique password.</span><br><br><b></b>"}]}],"source":{"discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-02T15:08:46.915716Z","id":"CVE-2026-9844","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-02T15:09:09.840Z"}}]}}