pkg:Maven/org.apache.activemq:activemq-broker

9 total CVEsCRITICAL1HIGH4MEDIUM2

✅ Check your installed version

All known vulnerabilities

  • HIGH8.8CVE-2026-34197⚠ KEVApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
    from 0, < 5.19.5
  • CRITICAL9.8CVE-2014-3600Improper Restriction of XML External Entity Reference in Apache ActiveMQ
    >= 5.0.0, < 5.10.1
  • HIGH8.8CVE-2026-40466Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI
    from 0, < 5.19.6
  • HIGH8.8CVE-2026-41044Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia
    from 0, < 5.19.6
  • HIGH7.5CVE-2026-39304Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM
    from 0, < 5.19.4
  • MEDIUM6.5CVE-2026-41043Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
    from 0, < 5.19.6
  • MEDIUM4.3CVE-2026-33227Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory
    from 0, < 5.19.3
  • CVE-2015-6524Improper Input Validation in Apache ActiveMQ
    >= 5.0.0, < 5.10.2
  • CVE-2014-3612Improper Authentication in Apache WSS4J
    >= 5.0.0, < 5.10.1