securityonline.info 7/3/2026, 2:41:32 AM · external

Apache fixes ActiveMQ flaws threatening Java-based services

CISA KEV: Not in KEV
Patch: Available

Apache has addressed nine vulnerabilities in ActiveMQ (CVE-2026-54475) with version 6.2.7, notably denial-of-service and temporary destination takeover issues. These issues are significant because ActiveMQ is widely used in Java applications and often exposed online, with past scans revealing thousands of vulnerable instances. Five vulnerabilities are rated 'important' and can allow unauthenticated attackers to crash brokers, potentially disrupting services that rely on them. Specific flaws include:

1. **Access and Authorization Flaws**: Issues enabling one connection to access another’s messages and granting admin access to low-privilege users.

2. **Denial-of-Service Flaws**: Several vulnerabilities can crash the broker by exhausting resources or exploiting specific commands.

3. **Web Console Scripting**: Cross-site scripting vulnerabilities could allow attackers to execute code with administrative privileges.

Users are urged to upgrade immediately to version 6.2.7 or patch the 5.x branch to mitigate risks.


Article by CyberSIXT
