CVE-2026-9844 HIGH

CVE-2026-9844: Vulnerability in navify® Digital Pathology

Vendor Roche Diagnostics
Product navify Digital Pathology
Weakness CWE-1392
Published June 2, 2026
Last update June 2, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:D/RE:M/U:Green

What the vulnerability does

01Description

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1.

Key dates

02Disclosure timeline

June 2, 2026 CVE published
June 2, 2026 Record updated