CVE-2026-42253

🗓️ 01 Jun 2026 07:23:50Reported by apacheType

ActiveMQ Web copies Java Message Service properties into HTTP headers, enabling header injection; upgrade to fixed versions.

Reporter	Title	Published	Views	Family All 20
ATTACKERKB	CVE-2026-42253	1 Jun 202607:23	–	attackerkb
Circl	CVE-2026-42253	31 May 202617:48	–	circl
CNNVD	Apache ActiveMQ 安全漏洞	1 Jun 202600:00	–	cnnvd
Cvelist	CVE-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties	1 Jun 202607:23	–	cvelist
Debian CVE	CVE-2026-42253	1 Jun 202607:23	–	debiancve
EUVD	EUVD-2026-33578	1 Jun 202607:23	–	euvd
NVD	CVE-2026-42253	1 Jun 202609:16	–	nvd
OSV	BIT-ACTIVEMQ-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties	5 Jun 202605:38	–	osv
OSV	DEBIAN-CVE-2026-42253	1 Jun 202609:16	–	osv
OSV	UBUNTU-CVE-2026-42253	1 Jun 202609:16	–	osv

NVD

Vulners

Node

apache activemqRange<5.19.7

apache activemqRange6.0.0–6.2.6

apache activemq_webRange<5.19.7

apache activemq_webRange6.0.0–6.2.6

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.activemq:apache-activemq",
    "product": "Apache ActiveMQ",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "5.19.7",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "6.2.6",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.activemq:activemq-web",
    "product": "Apache ActiveMQ Web",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "5.19.7",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "6.2.6",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/j9vmlc410ht5f28fc98gx75jcbq62j00
openwall	www.openwall.com/lists/oss-security/2026/05/31/17

17 Jun 2026 10:47Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.1

EPSS0.00423

SSVC

CWE-79