Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. This isolation can be broken because it is checked only in the client, which allows a different connection to consume from another connection's temporary destination.
This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7.
Users are recommended to upgrade to version 6.2.7, which fixes the issue.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Apache; Apache activemq, Apache activemq All, Apache activemq Broker | |
| Vendors & Products | Apache; Apache activemq, Apache activemq All, Apache activemq Broker | |
Wed, 01 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-1220 | |
| References | | |
| Metrics | threat_severity | threat_severity |
Tue, 30 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | cvssV3_1 | |
Tue, 30 Jun 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary destination. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue. | |
| Title | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover | |
| Weaknesses | CWE-862 | |
| References | | |
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2026-06-30T14:52:25.352Z
Reserved: 2026-06-15T16:52:41.340Z
Link: CVE-2026-54475
Updated: 2026-06-30T11:06:25.154Z
No data.
OpenCVE Enrichment
Updated: 2026-07-01T10:02:06Z