Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM.
This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7.
Users are recommended to upgrade to version 6.2.7, which fixes the issue.
Project Subscriptions
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apache
Apache activemq Apache activemq All Apache activemq Broker |
|
| Vendors & Products |
Apache
Apache activemq Apache activemq All Apache activemq Broker |
Wed, 01 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Tue, 30 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-768 |
Tue, 30 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-400 | |
| Metrics |
cvssV3_1
|
Tue, 30 Jun 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-768 |
Tue, 30 Jun 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM. This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue. | |
| Title | Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270 | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2026-06-30T13:21:45.456Z
Reserved: 2026-06-06T19:20:20.134Z
Link: CVE-2026-50750
Updated: 2026-06-30T13:20:59.560Z
No data.
OpenCVE Enrichment
Updated: 2026-07-01T12:45:16Z