Apache ActiveMQ MQTT

1 CVE for this product

CVE-2026-40046 HIGH PATCH GHSA This Week

Remote denial-of-service in Apache ActiveMQ 6.0.0 through 6.2.3 allows unauthenticated network attackers to crash the MQTT broker via malformed control packets. An integer overflow in the MQTT protocol handler's remaining length field validation enables resource exhaustion without authentication. This vulnerability stems from an incomplete patch: the fix for CVE-2025-66168 was applied only to 5.19.x branches and was omitted from all 6.x releases until 6.2.4. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Tags: Apache, Integer Overflow, Buffer Overflow, Apache Activemq, Apache Activemq All, +1

Source: NVD | CVSS 3.1: 7.5 | EPSS: 0.0%