CVE-2026-40046— Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40046
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated
Source: NVD (National Vulnerability Database)
Vulnerability Description
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions. This issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4. Users are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache ActiveMQ 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache ActiveMQ是美国阿帕奇(Apache)基金会的一套开源的消息中间件,它支持Java消息服务、集群、Spring Framework等。 Apache ActiveMQ存在输入验证错误漏洞,该漏洞源于MQTT控制包剩余长度字段验证不当,可能导致整数溢出或环绕错误。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache ActiveMQ | 6.0.0 ~ 6.2.4 | - | |
| Apache Software Foundation | Apache ActiveMQ All | 6.0.0 ~ 6.2.4 | - | |
| Apache Software Foundation | Apache ActiveMQ MQTT | 6.0.0 ~ 6.2.4 | - |
II. Public POCs for CVE-2026-40046
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40046
请登录查看更多情报信息。
Same Patch Batch · Apache Software Foundation · 2026-04-09 · 17 CVEs total
| CVE-2026-34500 | Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled | |
| CVE-2026-34487 | Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer tok | |
| CVE-2026-34486 | Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor | |
| CVE-2026-34483 | Apache Tomcat: Incomplete escaping of JSON access logs | |
| CVE-2026-32990 | Apache Tomcat: Fix for CVE-2025-66614 is incomplete | |
| CVE-2026-29146 | Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default | |
| CVE-2026-29145 | Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail i | |
| CVE-2026-29129 | Apache Tomcat: TLS cipher order is not preserved | |
| CVE-2026-25854 | Apache Tomcat: Occasionally open redirect | |
| CVE-2026-24880 | Apache Tomcat: Request smuggling via invalid chunk extension | |
| CVE-2026-33005 | Apache OpenMeetings: Insufficient checks in FileWebService | |
| CVE-2026-33266 | Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt | |
| CVE-2026-34020 | Apache OpenMeetings: Login Credentials Passed via GET Query Parameters | |
| CVE-2025-57735 | Apache Airflow: Airflow Logout Not Invalidating JWT | |
| CVE-2025-62188 | Apache DolphinScheduler: Users can access sensitive information through the actuator endpo | |
| CVE-2026-34538 | Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) |
IV. Related Vulnerabilities
Same product: Apache ActiveMQ
- CVE-2026-41044
Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All - CVE-2026-41043
Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - - CVE-2025-66168
Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ - CVE-2025-27533
Apache ActiveMQ: Unchecked buffer length can cause excessive - CVE-2024-32114
Apache ActiveMQ: Jolokia and REST API were not secured with
Same vendor: Apache Software Foundation
- CVE-2026-44417
Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS - CVE-2026-44618
Apache CXF: XXE vulnerability in WS-Transfer functionality - CVE-2026-44930
Apache CXF: LDAP Injection vulnerability in XKMS LDAP Reposi - CVE-2026-48207
Apache Fory: PyFory ReduceSerializer Incomplete Policy Enfor - CVE-2026-45760
Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
Same weakness: CWE-190
- CVE-2026-24214
NVIDIA Triton Inference Server 输入验证错误漏洞 - CVE-2026-24210
NVIDIA Triton Inference Server 输入验证错误漏洞 - CVE-2026-43618
Rsync < 3.4.3 Integer Overflow Information Disclosure - CVE-2026-33642
Kitty has a Heap Buffer Over-Read/Write via Integer Overflow - CVE-2026-27781
kernel_liteos_a has an integer overflow vulnerability
V. Comments for CVE-2026-40046
No comments yet