Skip to main content

Apache Activemq Broker CVE-2026-49434

| EUVDEUVD-2026-40285 HIGH
Improper Input Validation (CWE-20)
2026-06-30 apache GHSA-h5gm-rvw6-2xpx
7.5
CVSS 3.1 · Vendor: apache
Share

Severity by source

Vendor (apache) PRIMARY
7.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
vuln.today AI
5.3 MEDIUM

Attacker must hold LDAP write access (PR:L) and the broker must use a specific LDAP-discovery config (AC:H); integrity-only impact (I:H, C:N/A:N) per the spawned rogue BrokerService.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (apache).

CVSS VectorVendor: apache

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

6
Analysis Updated
Jun 30, 2026 - 13:30 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 13:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 30, 2026 - 13:22 vuln.today
cvss_changed
CVSS changed
Jun 30, 2026 - 13:22 NVD
7.5 (HIGH)
Patch available
Jun 30, 2026 - 12:01 EUVD
Analysis Generated
Jun 30, 2026 - 11:17 vuln.today

DescriptionCVE.org

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.

An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used to fetch an attacker URL and spawn a second BrokerService inside the same JVM. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7.

Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.

AnalysisAI

Improper input validation in Apache ActiveMQ lets an attacker who can write or modify LDAP entries matching the broker's configured searchBase and searchFilter instantiate transports that are otherwise denied inside the broker JVM. By doing so the attacker can force the broker to fetch an attacker-controlled URL and spawn a second BrokerService within the same JVM, an integrity-impacting condition affecting Apache ActiveMQ, ActiveMQ Broker, and ActiveMQ All before 5.19.8 and 6.x before 6.2.7. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

No public exploit identified at time of analysis. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-49434 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy