Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.
Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM.
This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7.
Users are recommended to upgrade to version 6.2.7, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apache
Apache activemq Apache activemq All Apache activemq Broker |
|
| Vendors & Products |
Apache
Apache activemq Apache activemq All Apache activemq Broker |
Wed, 01 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Tue, 30 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-768 |
Tue, 30 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-400 | |
| Metrics |
cvssV3_1
|
Tue, 30 Jun 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-768 |
Tue, 30 Jun 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM. This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue. | |
| Title | Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270 | |
| References |
|
Status: PUBLISHED
Assigner: apache
Published: 2026-06-30T09:51:57.035Z
Updated: 2026-06-30T13:21:45.456Z
Reserved: 2026-06-06T19:20:20.134Z
Link: CVE-2026-50750
Updated: 2026-06-30T13:20:59.560Z
No data.