CVE-2026-39920

BridgeHead · FileStore

BridgeHead FileStore exposes the Apache Axis2 admin module with default credentials, allowing unauthenticated remote code execution.

Executive summary

A critical vulnerability in BridgeHead FileStore allows unauthenticated attackers to execute arbitrary OS commands via the exposed Apache Axis2 administration interface.

Vulnerability

The application incorrectly exposes the Apache Axis2 administration module on network-accessible ports with default credentials. An unauthenticated remote attacker can leverage these credentials to deploy a malicious Java archive and execute arbitrary OS commands on the underlying host.

Business impact

This vulnerability provides an attacker with full control over the host system, leading to complete system compromise and potential lateral movement within the network. The CVSS score of 9.8 reflects the extreme severity, as the ease of exploitation through default credentials makes this an attractive target for automated threats.

Remediation

Immediate Action: Upgrade to BridgeHead FileStore version 24A or later, which addresses the exposure of the administration module.

Proactive Monitoring: Monitor for unauthorized access to the Apache Axis2 administration portal and inspect the server for any unusual Java archive deployments or unexpected process executions.

Compensating Controls: Immediately restrict network access to the administration module using firewall rules and ensure that all default credentials have been changed across the entire infrastructure.

Exploitation status

Public Exploit Available: False

Analyst recommendation

This is an extremely critical vulnerability that facilitates full system compromise. Organizations running BridgeHead FileStore must prioritize patching to version 24A and verify that no management interfaces are exposed to untrusted networks.