Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attacker must hold LDAP write access (PR:L) and the broker must use a specific LDAP-discovery config (AC:H); integrity-only impact (I:H, C:N/A:N) per the spawned rogue BrokerService.
Primary rating from Vendor (apache).
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
6DescriptionCVE.org
Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.
An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used to fetch an attacker URL and spawn a second BrokerService inside the same JVM. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7.
Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
Articles & Coverage 1
AnalysisAI
Improper input validation in Apache ActiveMQ lets an attacker who can write or modify LDAP entries matching the broker's configured searchBase and searchFilter instantiate transports that are otherwise denied inside the broker JVM. By doing so the attacker can force the broker to fetch an attacker-controlled URL and spawn a second BrokerService within the same JVM, an integrity-impacting condition affecting Apache ActiveMQ, ActiveMQ Broker, and ActiveMQ All before 5.19.8 and 6.x before 6.2.7. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
No public exploit identified at time of analysis. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Apache Activemq Broker
View allRemote code execution in Apache ActiveMQ Classic versions before 5.19.5 and 6.0.0-6.2.2 allows authenticated attackers t
Remote code execution in Apache ActiveMQ 5.x (before 5.19.6) and 6.x (before 6.2.5) allows authenticated attackers to by
Remote code execution in Apache ActiveMQ allows authenticated attackers with admin console access to inject malicious Sp
Remote denial of service in Apache ActiveMQ (versions 5.19.7 and 6.2.6) allows an unauthenticated attacker to exhaust br
Out-of-memory denial of service in Apache ActiveMQ allows unauthenticated remote attackers to exhaust broker memory via
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40285
GHSA-h5gm-rvw6-2xpx