793 matches found
CVE-2026-49157
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...
EUVD-2026-33574
Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...
PT-2026-45377
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Description Incomplete authorization in the server allows authenticated connections to remove existing destinations when they possess the proper permissions...
PT-2026-45376
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...
📄 Apache ActiveMQ Jolokia Remote Code Execution
This is a proof of concept security research tool that evaluates a potential authenticated remote code execution pathway through the Jolokia management interface exposed by Apache ActiveMQ. The tool authenticates to the broker, discovers configuration details, interacts with JMX operations expose...
CVE-2026-40453 vulnerabilities
Vulnerabilities for packages: apache-activemq, apache-activemq-fips...
GHSA-JG2M-9X48-3GVJ vulnerabilities
Vulnerabilities for packages: apache-activemq, apache-activemq-fips...
org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication
A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An unauthenticated remote attacker can exploit a missing authentication for critical function vulnerability by using the Core protocol. This allows the attacker to force a target broker to establish an outbound Core federation...
Exploit for Improper Input Validation in Apache Activemq
CVE-2026-34197 Description \ Improper Input Validation, Imp...
DoS (Denial of Service) at org.apache.activemq dependency in Bamboo Data Center
This High severity DoS Denial of Service vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
GHSA-WG35-8JPF-2XV3 vulnerabilities
Vulnerabilities for packages: nacos-docker, kafbat-ui-fips, apache-nifi-registry, apache-activemq-fips, camunda, camunda-zeebe, nacos, thingsboard, kafbat-ui, apache-activemq...
GHSA-6P4F-WCWH-5VVM vulnerabilities
Vulnerabilities for packages: nacos-docker, kafbat-ui-fips, apache-nifi-registry, apache-activemq-fips, camunda, camunda-zeebe, nacos, thingsboard, kafbat-ui, apache-activemq...
CVE-2026-22745 vulnerabilities
Vulnerabilities for packages: nacos-docker, kafbat-ui-fips, apache-nifi-registry, apache-activemq-fips, camunda, camunda-zeebe, nacos, thingsboard, kafbat-ui, apache-activemq...
CVE-2026-22741 vulnerabilities
Vulnerabilities for packages: nacos-docker, kafbat-ui-fips, apache-nifi-registry, apache-activemq-fips, camunda, camunda-zeebe, nacos, thingsboard, kafbat-ui, apache-activemq...
Exploit for Improper Input Validation in Apache Activemq
CVE-2026-34197 — Apache ActiveMQ Classic Jolokia RCE Lab O...
CVE-2026-41044
A flaw was found in Apache ActiveMQ. An authenticated attacker can exploit an improper input validation vulnerability in the admin web console to craft a malicious broker name. This malicious name, containing an xbean binding, can be used by a virtual machine VM transport to load a remote Spring...
CVE-2026-41043
A flaw was found in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can exploit a Cross-Site Scripting XSS vulnerability by injecting malicious HTML into a Java Message Service JMS selector field and overriding the content type to HTML. This allows the attacker to display...
BIT-ACTIVEMQ-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...
GHSA-W3W2-MPP5-92GM Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...
org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-41043 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)
org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-41043 Source advisory: OSV:GHSA-2JP3-2923-9H52...