8 matches found
ROOT-APP-MAVEN-CVE-2025-66168 CVE-2025-66168 in io.root.org.apache.activemq:activemq-mqtt - Patched by Root
Root has patched CVE-2025-66168 in the io.root.org.apache.activemq:activemq-mqtt package for Root:Maven. Multiple fixed versions available...
BIT-ACTIVEMQ-2026-40046 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...
CVE-2026-40046
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...
org.apache.activemq:activemq-http (>=6.0.0 <=6.2.1), org.apache.activemq:activemq-karaf (>=6.0.0 <=6.2.1) +4 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-mqtt (>=6.0.0 <=6.2.1)
org.apache.activemq:activemq-mqtt MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.1 Source cves: CVE-2026-33227 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15930952...
com.cognifide.aet:cleaner (>=2.0.0 <=3.2.2), com.cognifide.aet:communication (>=2.0.0 <=3.2.2) +184 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-mqtt (>=5.10.0 <=5.19.2)
org.apache.activemq:activemq-mqtt MAVEN version =5.10.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =3.0.0, =3.0.0, =1.1.0, =1.2.4.5, =1.2.4.6, =1.2.4.5, =1.2.4.5, =1.2.6.7 and more Source cves: CVE-2026-33227 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15930952...
org.apache.activemq:activemq-http (>=6.0.0 <=6.2.3), org.apache.activemq:activemq-karaf (>=6.0.0 <=6.2.3) +4 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-mqtt (>=6.0.0 <=6.2.3)
org.apache.activemq:activemq-mqtt MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2025-66168, CVE-2026-40046 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15426349...
org.apache.activemq:activemq-http (>=6.0.0 <=6.1.8), org.apache.activemq:activemq-karaf (>=6.0.0 <=6.1.8) +4 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-mqtt (>=6.0.0 <=6.1.8)
org.apache.activemq:activemq-mqtt MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.1.8 Source cves: CVE-2025-66168, CVE-2026-40046 Source advisory: OSV:GHSA-C825-6PH3-4H84...
com.cognifide.aet:cleaner (>=2.0.0 <=3.2.2), com.cognifide.aet:communication (>=2.0.0 <=3.2.2) +184 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-mqtt (>=5.10.0 <=5.19.1)
org.apache.activemq:activemq-mqtt MAVEN version =5.10.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =3.0.0, =3.0.0, =1.1.0, =1.2.4.5, =1.2.4.6, =1.2.4.5, =1.2.4.5, =1.2.6.7 and more Source cves: CVE-2025-66168, CVE-2026-40046 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15426349...