Lucene search
K

6 matches found

Nuclei
Nuclei
added yesterday20 views

Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass

Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References4
VulnCheck KEV
VulnCheck KEV
added 2026/05/07 12:0 a.m.46 views

VulnCheck KEV: CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS6.4AI score0.04783EPSS
In wildExploits13References19
Veracode
Veracode
added 2026/05/04 9:41 a.m.17 views

Improper Input Validation

org.apache.activemq, activemq-broker is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation in HTTP Discovery transport handling, which allows an authenticated attacker to bypass previous fixes and exploit broker configuration loading to execute arbitrary...

8.8CVSS7.7AI score0.04783EPSS
Exploits13References6Affected Software3
Vulnrichment
Vulnrichment
added 2026/04/24 10:15 a.m.5 views

CVE-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.6AI score0.96666EPSS
Exploits13References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 10:15 a.m.5 views

CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS8.6AI score0.96666EPSS
Exploits13References2Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-40466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

8.8CVSS7.6AI score0.96666EPSS
Exploits13References3
Rows per page
Query Builder