2 matches found
Code Injection
Apache ActiveMQ is vulnerable to Code Injection. The vulnerability is due to improper input validation and improper control of generation of code, where an attacker can construct a malicious broker name that bypasses name validation to include an xbean binding, and then use the DestinationView...
CVE-2026-41044
A flaw was found in Apache ActiveMQ. An authenticated attacker can exploit an improper input validation vulnerability in the admin web console to craft a malicious broker name. This malicious name, containing an xbean binding, can be used by a virtual machine VM transport to load a remote Spring...