
Apache ActiveMQ EUVD-2026-40276

CVE-2026-54475 · HIGH · Missing Authorization (CWE-862) · CVSS 3.1 7.5 (Vendor)

Severity by source

Vendor (CNA), primary: 7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

vuln.today AI: 7.1 HIGH
Network-reachable, low-complexity; PR:L because the attacker must hold a broker connection; impact is primarily disclosure of others' messages (C:H) plus lost delivery to the legitimate consumer (A:L).
CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (CNA).

CVSS Vector (Vendor)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Lifecycle Timeline (6 events)

Jun 30, 2026 15:30 - vuln.today - Analysis Updated: v3 (cvss_changed)
Jun 30, 2026 15:29 - vuln.today - Analysis Updated: v2 (cvss_changed)
Jun 30, 2026 15:22 - vuln.today - Re-analysis Queued: cvss_changed
Jun 30, 2026 15:22 - NVD - CVSS changed: 7.5 (HIGH)
Jun 30, 2026 12:01 - EUVD - Patch available
Jun 29, 2026 22:16 - vuln.today - Analysis Generated

Description (pre-NVD)

Disclosed via oss-security. NVD scoring and full description are pending.

Analysis (AI)

Unauthorized message consumption in Apache ActiveMQ Classic lets a connected client read from temporary destinations belonging to a different connection, breaking the per-connection isolation that applications rely on. The root cause is that the isolation check is enforced only client-side, so a malicious or rogue client can subscribe to and drain another connection's temporary queue/topic. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Connect to ActiveMQ broker
Delivery: Enumerate/reference victim temporary destination
Exploit: Register consumer on it
Execution: Bypass client-side isolation check
Impact: Drain or read victim messages

Vulnerability Assessment (AI)

Exploitation: Exploitation requires (1) the ability to establish a connection to the target ActiveMQ broker over a network-reachable transport (OpenWire/STOMP/AMQP, etc.), and (2) a victim application that uses Apache ActiveMQ Classic temporary destinations (the request/reply pattern) on the same broker. …
Risk Assessment: The vendor CVSS 3.1 vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, 7.5) signals a network-reachable, low-complexity issue. …
Exploit Scenario: On a shared ActiveMQ broker, an application client opens a connection and uses a temporary destination to receive private request/reply messages. An attacker who can also connect to the broker references that same temporary destination and registers a consumer, silently draining or reading the victim's reply messages, because the isolation check was enforced only on the client and not by the broker. …
Remediation: Vendor-released patch: upgrade to 6.2.7 on the 6.x line, or to 5.19.8 on the 5.x line; both add the missing server-side authorization check for temporary destinations (advisory: https://activemq.apache.org/ and https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06ys). …

Recommended Action (AI)

Within 24 hours: Audit deployed ActiveMQ versions and identify systems running affected versions (5.19.x before 5.19.8 or 6.0.x-6.1.x before 6.2.7). …
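A small triage helper for the version audit in the remediation and recommended-action text above. This is an added example, not code from vuln.today or the ActiveMQ project; it assumes that a deployment needs the upgrade whenever its version is below the vendor-fixed release on its major line (5.19.8 on 5.x, 6.2.7 on 6.x) and that any other major line should be checked manually against the advisory. The host names and versions in the sample inventory are constructed.

```python
import re

# Fixed releases named in the remediation above, keyed by major line.
# Assumption (added example): anything below the fixed release on its
# line needs the upgrade; other lines are sent for manual review.
FIXED_BY_LINE = {5: (5, 19, 8), 6: (6, 2, 7)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.+].*)?$")


def parse_version(text):
    """Return (major, minor, patch) from e.g. '6.2.6' or '5.19.7-SNAPSHOT'.

    Pre-release/build suffixes are ignored, so a snapshot is compared as
    the release it is labelled with.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ActiveMQ version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(version_text):
    """Classify one deployed version as 'patched', 'upgrade' or 'review'.

    'review' means the major line is not one the fixed releases cover,
    so it needs a manual check of the vendor advisory.
    """
    version = parse_version(version_text)
    fixed = FIXED_BY_LINE.get(version[0])
    if fixed is None:
        return "review"
    return "patched" if version >= fixed else "upgrade"


def triage_inventory(inventory):
    """Map host -> triage result for a {host: version_string} inventory."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory: hypothetical hosts and versions.
    sample = {"mq-prod-1": "5.19.7", "mq-prod-2": "6.2.7",
              "mq-dev": "6.1.4-SNAPSHOT", "mq-legacy": "4.1.2"}
    for host, status in sorted(triage_inventory(sample).items()):
        print(f"{host:10s} {sample[host]:16s} {status}")
```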




EUVD-2026-40276 vulnerability details – vuln.today
