← volver
CVE-2026-46605

Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal

CVSS 4.3 MEDIUMEPSS 0.3%CWE-285
Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. Users are recommended to upgrade to version v6.2.6 or v5.19.7, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Productos afectados
Apache Software Foundation · Apache ActiveMQApache Software Foundation · Apache ActiveMQ AllApache Software Foundation · Apache ActiveMQ Broker

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.apache.org/thread/l4lxgr2s73g9pb218f180psfyskf8ldmhttp://www.openwall.com/lists/oss-security/2026/05/31/20