CVE-2026-41043

UNKNOWN 0.0

Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML (instead of XML) and by injecting HTML into a JMS selector field. This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Web: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.

CWE	CWE-79 CWE-915
Vendor	apache software foundation
Product	apache activemq
Published	Apr 24, 2026
Last Updated	Apr 24, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache activemq

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache activemq are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache ActiveMQ

0 < 5.19.6 6.0.0 < 6.2.5

Apache Software Foundation / Apache ActiveMQ Web

0 < 5.19.6 6.0.0 < 6.2.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

activemq.apache.org: https://activemq.apache.org/security-advisories.data/CVE-2026-41043-announcement.txt openwall.com: http://www.openwall.com/lists/oss-security/2026/04/23/5

Credits

Khaled Alshammri