🔐 CVE Alert

CVE-2026-50750

UNKNOWN 0.0

Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM. This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue.

Vendor apache software foundation
Product apache activemq broker
Published Jun 30, 2026
Stay Ahead of the Next One

Get instant alerts for apache software foundation apache activemq broker

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache activemq broker are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache ActiveMQ Broker
5.19.7 < 5.19.8 6.2.6 < 6.2.7
Apache Software Foundation / Apache ActiveMQ
5.19.7 < 5.19.8 6.2.6 < 6.2.7
Apache Software Foundation / Apache ActiveMQ All
5.19.7 < 5.19.8 6.2.6 < 6.2.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗
lists.apache.org: https://lists.apache.org/thread/nhkmbdym61yp6wwy0dny8w1p46sm87kr