CVE-2026-46605

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L                                    

Vulnerability Description

Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions.

This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.

Users are recommended to upgrade to version v6.2.6 or v5.19.7, which fixes the issue.

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 01, 2026

CWE ID

CWE-285

Source

NVD

Vendor

Apache Software Foundation

Product

Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ

External References

https://lists.apache.org/thread/l4lxgr2s73g9pb218f180psfyskf8ldm
http://www.openwall.com/lists/oss-security/2026/05/31/20

CVE-2026-46605

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment