Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary
destination.
This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7.
Users are recommended to upgrade to version 6.2.7, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apache
Apache activemq Apache activemq All Apache activemq Broker |
|
| Vendors & Products |
Apache
Apache activemq Apache activemq All Apache activemq Broker |
Wed, 01 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-1220 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Tue, 30 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Tue, 30 Jun 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary destination. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue. | |
| Title | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover | |
| Weaknesses | CWE-862 | |
| References |
|
Status: PUBLISHED
Assigner: apache
Published: 2026-06-30T09:48:28.852Z
Updated: 2026-06-30T14:52:25.352Z
Reserved: 2026-06-15T16:52:41.340Z
Link: CVE-2026-54475
Updated: 2026-06-30T11:06:25.154Z
No data.