CVE-2026-49270 in ActiveMQالمعلومات

الملخص

بحسب MITRE • 01/06/2026

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.

Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all durable topic subscriptions in the broker, including client identifiers, subscription names, topic destinations, and JMS selector expressions, by sending a BrokerInfo command. The broker incorrectly responds without first ensuring the connection is authenticated. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6.

Users are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes the issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

إفشاء

01/06/2026

الاعتدال

تمت الموافقة

إدخال

VDB-367620

CPE

جاهز

CWE

CWE-662 (غير مؤكد)

CVSS

5.5 (VulDB)

EPSS

0.00090

KEV

لا

النشاطات

منخفض جدًا

القطاع

Industry, Police, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-49270
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-49270
CVE Details	https://www.cvedetails.com/cve/CVE-2026-49270/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!