Apache activemq
This hub aggregates every CVE we track for Apache activemq, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
Databasesother
33
CVEs tracked
1
Critical
22
High
2
In CISA KEV
Severity distribution
HIGH22MEDIUM9LOW1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
1
7
0
15
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Apache activemq.
- CVE-2026-49434Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker7.5
- CVE-2026-49432Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service7.5
- CVE-2026-49877Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console8.1
- CVE-2026-50734Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation7.5
- CVE-2026-50750Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-492707.5
- CVE-2026-52760Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console6.1
- CVE-2026-53916Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec7.5
- CVE-2026-53917Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling7.5
- CVE-2026-54475Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover7.5
- CVE-2026-42253Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties6.1
- CVE-2026-42588Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector8.1
- CVE-2026-45505Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass8.8
- CVE-2026-46605Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal4.3
- CVE-2026-49157Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default8.8
- CVE-2026-49270Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)5.9
Product normalization is registry-driven with AI assist and human review. How it works