CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

Apache ActiveMQ security vulnerabilities

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability stems from the default access policy of the...

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-34197 — Apache ActiveMQ Classic Jolokia RCE Lab O...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2025-66168)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-66168 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2025-66168 DESCRIPTION: WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-34197)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-34197 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-34197 DESCRIPTION: Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broke...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-39304)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-39304 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-39304 DESCRIPTION: Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ...

BIT-ACTIVEMQ-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

GHSA-MR6M-XJ7V-3CV3 Apache ActiveMQ Vulnerable to Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

Apache ActiveMQ Vulnerable to Code Injection

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-41044 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-41044 Source advisory: OSV:GHSA-MR6M-XJ7V-3CV3...

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1035 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-broker (>=5.10.0 <=5.19.4)

org.apache.activemq:activemq-broker MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2026-41044 Source advisory: OSV:GHSA-MR6M-XJ7V-3CV...

Linux Distros Unpatched Vulnerability : CVE-2026-40466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

Linux Distros Unpatched Vulnerability : CVE-2026-40046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for CVE-2025-66168: MQTT control packet...

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-39304 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-39304 Source advisory: OSV:GHSA-5568-6QCG-G7FX...

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ, which stems from improper handling of TLSv1.3 handshake Key...

CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

BIT-ACTIVEMQ-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

Apache ActiveMQ Broker Jolokia MBeans Remote Code Execution Vulnerability

Apache ActiveMQ Broker is an open source message broker and integration pattern server . A security vulnerability exists in Apache ActiveMQ Broker. The vulnerability stems from the Jolokia JMX-HTTP bridge default policy that allows exec operations on MBeans, which can be exploited by an attacker ...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.107.0) +101 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.1.0 - io.mats3:mats-spring-test =B-2.0.0.B0+2025-10-22 and more Source cves: CVE-2026-33227 Source advisory: OSV:GHSA-H2H4-5M64-M273...

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-34197 via org.apache.activemq:activemq-all (>=4.1.2 <=5.19.4)

org.apache.activemq:activemq-all MAVEN version =4.1.2, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-34197 Source advisory: OSV:GHSA-RXPJ-7QVF-XV32...