Apache ActiveMQ Critical Vulnerabilities Allow DoS Attacks, System Crashes


Jennifer Sherman
July 3, 2026

Key Takeaways

  • Apache has disclosed three critical vulnerabilities impacting ActiveMQ, ActiveMQ All, ActiveMQ Client, and ActiveMQ Broker.
  • The flaws, identified as CVE-2026-53917, CVE-2026-54475, and CVE-2026-49877, could lead to denial-of-service, unauthorized access, and broken message isolation.
  • Affected versions include Apache ActiveMQ before 5.19.8 and from 6.0.0 before 6.2.7.
  • Immediate upgrades to ActiveMQ 5.19.8 or 6.2.7 are strongly recommended to mitigate these risks.

Apache ActiveMQ Vulnerabilities Detailed

The Apache Software Foundation has issued an urgent advisory for users of its ActiveMQ messaging platform, revealing three significant vulnerabilities that could expose deployments to severe security risks, including denial-of-service (DoS) attacks, compromised message isolation, and unauthorized administrative access. These issues span both the 5.x and 6.x branches of the software and necessitate immediate patching to secure messaging infrastructure.


CVE-2026-53917: Memory Allocation with Excessive Size Value

A critical memory allocation flaw, tracked as CVE-2026-53917, affects various components including Apache ActiveMQ, ActiveMQ All, ActiveMQ Client, and ActiveMQ Broker. This vulnerability arises from the improper handling of OpenWire message property maps during unmarshalling.

An authenticated attacker can exploit this weakness by transmitting a specially crafted OpenWire message containing an excessively large encoded map size. The ActiveMQ broker, lacking sufficient validation for this size parameter, will attempt to allocate a disproportionately large amount of memory. This can quickly deplete available system resources, leading to an out-of-memory (OOM) condition and causing the broker to crash. Such a crash effectively results in a denial-of-service for all applications relying on that particular messaging instance.

This vulnerability impacts Apache ActiveMQ versions prior to 5.19.8 and versions from 6.0.0 up to, but not including, 6.2.7. Environments heavily utilizing OpenWire clients are particularly susceptible, as a single compromised or malicious client could reliably disrupt the entire broker service.
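The following Python model is an added illustration of the bug pattern described above, not ActiveMQ's own code: on a constructed, simplified map encoding it contrasts an unmarshaller that sizes its storage from the peer-supplied entry count with one that bounds that count against a limit and against the bytes actually present before allocating anything. The wire layout, the 1024-entry limit and all function names are assumptions for the example.

```python
import struct

# Constructed simplified map encoding for this example (not the real OpenWire
# format): int32 entry count, then per entry a uint16 key length, the UTF-8
# key bytes and an int32 value.
MIN_ENTRY_BYTES = 2 + 4   # smallest encodable entry: empty key plus value
MAX_MAP_ENTRIES = 1024    # hypothetical broker-side limit

def _read_entry(buf, pos):
    (klen,) = struct.unpack_from(">H", buf, pos)
    key = buf[pos + 2:pos + 2 + klen].decode("utf-8")
    (value,) = struct.unpack_from(">i", buf, pos + 2 + klen)
    return key, value, pos + 6 + klen

def unmarshal_map_unchecked(buf):
    """Pre-fix pattern: sizes storage from the peer-supplied count up front."""
    (count,) = struct.unpack_from(">i", buf, 0)
    entries, pos = [None] * count, 4      # allocation driven by the count
    for i in range(count):
        key, value, pos = _read_entry(buf, pos)
        entries[i] = (key, value)
    return dict(entries)

def unmarshal_map_checked(buf, max_entries=MAX_MAP_ENTRIES):
    """Fixed pattern: bound the count before any allocation depends on it."""
    (count,) = struct.unpack_from(">i", buf, 0)
    body = len(buf) - 4
    if count < 0 or count > max_entries:
        raise ValueError(f"map size {count} exceeds limit {max_entries}")
    if count * MIN_ENTRY_BYTES > body:
        raise ValueError(f"map size {count} cannot fit in {body} bytes")
    result, pos = {}, 4
    for _ in range(count):
        key, value, pos = _read_entry(buf, pos)
        result[key] = value
    return result

def is_rejected(buf, max_entries=MAX_MAP_ENTRIES):
    """True when the checked unmarshaller refuses the payload."""
    try:
        unmarshal_map_checked(buf, max_entries)
    except ValueError:
        return True
    return False

# Constructed samples: a two-entry map, and a frame declaring ~2 billion entries
# with six bytes of body. Hand HOSTILE only to the checked parser.
BENIGN = struct.pack(">iH", 2, 8) + b"priority" + struct.pack(">iH", 4, 3) + b"ttl" + struct.pack(">i", 30)
HOSTILE = struct.pack(">i", 0x7FFFFFFF) + bytes(6)
```

The second check matters even with a generous limit: a count that cannot possibly be backed by the bytes received is rejected before the loop starts.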

CVE-2026-54475: Missing Authorization in Temporary Destinations

Another significant vulnerability, CVE-2026-54475, has been identified as a “Missing Authorization” flaw impacting Apache ActiveMQ Broker, ActiveMQ All, and ActiveMQ Classic. This issue concerns the isolation of temporary destinations.

In ActiveMQ Classic, temporary queues and topics are designed to be exclusive to the connection that creates them, meaning only that specific connection should be able to consume messages from its temporary destination. However, the enforcement of this isolation was primarily client-side. The broker itself failed to fully verify the ownership of these temporary destinations. Consequently, a different, unauthorized connection could potentially consume messages from another connection’s temporary queue or topic.

This breakdown in isolation allows for unauthorized access to transient message flows, posing a risk of data leakage or unintended cross-tenant access in multi-tenant or shared messaging environments. The vulnerability affects ActiveMQ Broker, All, and core ActiveMQ versions 5.19.8 and earlier, as well as versions from 6.0.0 through 6.2.7.
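To make the server-side ownership check concrete, here is an added Python model of a broker that records the creating connection of each temporary queue and, when enforcement is on, refuses consumption by any other connection; it is constructed for this article and is not ActiveMQ's implementation. The class, method names and the `enforce_ownership` switch (off models the pre-fix broker) are assumptions.

```python
from collections import defaultdict, deque

class BrokerModel:
    """Toy broker that records which connection created each temporary queue.
    Names and structure are assumptions for this example, not ActiveMQ's."""

    def __init__(self, enforce_ownership=True):
        self.enforce_ownership = enforce_ownership  # False models the pre-fix broker
        self._owner = {}                  # temp queue name -> creating conn id
        self._queues = defaultdict(deque)

    def create_temp_queue(self, conn_id, name):
        if name in self._owner:
            raise ValueError(f"temporary queue {name} already exists")
        self._owner[name] = conn_id

    def send(self, name, body):
        # Any connection may produce to a temp queue (the reply-to pattern).
        if name not in self._owner:
            raise KeyError(f"unknown temporary queue {name}")
        self._queues[name].append(body)

    def receive(self, conn_id, name):
        owner = self._owner.get(name)
        if owner is None:
            raise KeyError(f"unknown temporary queue {name}")
        # The server-side check the fix adds: only the creator may consume.
        if self.enforce_ownership and owner != conn_id:
            raise PermissionError(f"{conn_id} does not own {name}")
        queue = self._queues[name]
        return queue.popleft() if queue else None

    def close_connection(self, conn_id):
        # Temporary destinations live only as long as their creating connection.
        for name in [n for n, o in self._owner.items() if o == conn_id]:
            del self._owner[name]
            self._queues.pop(name, None)

def cross_connection_read(enforce_ownership):
    """Scenario: conn-A creates a reply queue, conn-B answers into it, then
    conn-B tries to read the answer. Returns the message or the error type."""
    broker = BrokerModel(enforce_ownership)
    broker.create_temp_queue("conn-A", "temp-queue://A-1")
    broker.send("temp-queue://A-1", "reply meant for conn-A")
    try:
        return broker.receive("conn-B", "temp-queue://A-1")
    except PermissionError as exc:
        return type(exc)
```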

CVE-2026-49877: Improper Authorization in Web Console

Lastly, CVE-2026-49877, an “Improper Authorization” vulnerability, has been discovered in the Apache ActiveMQ Web Console. The root cause lies in an insecure default configuration of the underlying Jetty server.

By default, the Jetty settings did not adequately restrict access to administrative paths under `/admin/*` to users with appropriate administrative roles. This oversight meant that authenticated users with low-privilege Web Console accounts could, by default, gain access to critical administrative functionalities. A low-privileged user could authenticate to the Web Console and then navigate to these administrative endpoints, potentially altering settings or using the management interface as a pivot point for further unauthorized actions.

This vulnerability affects Apache ActiveMQ versions before 5.19.8 and from 6.0.0 before 6.2.7. It is of particular concern for deployments that expose the Web Console for day-to-day operational management.
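As an added example of the authorization gap, the Python below evaluates servlet-style path constraints the way a web.xml or Jetty constraint mapping does (most specific pattern wins) and compares a weak policy that only requires authentication with a corrected one that adds an admin-only constraint on `/admin/*`. Both policies, the role names and the sample paths are constructed for this example and are not ActiveMQ's shipped configuration.

```python
# Servlet-style security constraints as (url pattern, roles allowed); the most
# specific matching pattern decides, as with web.xml / Jetty constraint mappings.
# Both policies are constructed for this example, not ActiveMQ's shipped config.
WEAK_DEFAULT = [
    ("/*", {"user", "admin"}),       # any authenticated user, console-wide
]
CORRECTED = [
    ("/*", {"user", "admin"}),
    ("/admin/*", {"admin"}),         # administrative paths need the admin role
]

def _matches(pattern, path):
    """Prefix patterns 'X/*' cover X and everything below it; others are exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern

def allowed_roles(policy, path):
    """Roles permitted by the longest (most specific) matching constraint."""
    best = None
    for pattern, roles in policy:
        if _matches(pattern, path) and (best is None or len(pattern) > len(best[0])):
            best = (pattern, roles)
    return set() if best is None else set(best[1])

def is_authorized(policy, path, user_roles):
    """Default deny: the user must hold a role the winning constraint permits."""
    return bool(allowed_roles(policy, path) & set(user_roles))

# Constructed accounts for the check below.
LOW_PRIV = {"user"}
ADMIN = {"user", "admin"}
```

Note that `/admin` without a trailing segment is covered by the `/admin/*` constraint too; a prefix rule that only matched `/admin/` would leave the bare path under the weaker catch-all.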

What You Should Do

Apache strongly advises all organizations running affected versions of ActiveMQ to implement the following mitigation steps immediately:

  • Upgrade Immediately: Update your Apache ActiveMQ deployments to version 5.19.8 or 6.2.7. These releases incorporate strict size validation for OpenWire property maps, enforce server-side ownership checks for temporary destinations, and correct the default authorization behavior in the Web Console to restrict `/admin/*` paths to legitimate administrative users.
  • Restrict Network Access: Limit network exposure for both ActiveMQ brokers and the Web Console. Implement firewall rules to ensure that only trusted hosts and users can access these critical components.
  • Audit Roles and Permissions: Regularly review and audit user roles and permissions within ActiveMQ and the Web Console to ensure that the principle of least privilege is strictly enforced. Remove any unnecessary administrative access.
  • Monitor for Anomalies: Implement robust monitoring for unusual memory usage patterns, unexpected broker crashes, and any suspicious or unauthorized access attempts to the messaging infrastructure.
