Activemq
This hub aggregates every CVE we track for Activemq, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
66
CVEs tracked
6
Critical
19
High
3
In CISA KEV
Severity distribution
MEDIUM38HIGH19CRITICAL6LOW3
Monthly trend
0
0
1
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
1
6
0
6
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Activemq.
- CVE-2026-42253Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties6.1
- CVE-2026-42588Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector8.1
- CVE-2026-45505Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass8.8
- CVE-2026-46605Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal4.3
- CVE-2026-49157Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default8.8
- CVE-2026-49270Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)5.9
- CVE-2026-41044Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia8.8
- CVE-2026-41043Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues6.5
- CVE-2026-40466Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI8.8
- CVE-2026-39304Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM7.5
- CVE-2026-33227Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory4.3
- CVE-2026-34197Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeansKEV8.8
- CVE-2025-66168Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated5.4
- CVE-2025-27533Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation7.5
- CVE-2024-8689ActiveMQ Content Pack: Cleartext Exposure of Credentials5.9
Product normalization is registry-driven with AI assist and human review. How it works