- Description
- Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM. This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- activemq, activemq_broker
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-400
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq:5.19.7:*:*:*:*:*:*:*",
"matchCriteriaId": "30C93456-D814-415B-B251-C2B4F8D0824D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD1F411-C753-4C8D-8854-0641A1555544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq_broker:5.19.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE64253-BB81-4AFC-99B4-FA0F3F24CBFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq_broker:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "772DA95D-2A5D-4DC5-9FA6-2B23082702CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]