CVE-2026-40466— Apache多款产品 输入验证错误漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-40466 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via BrokerView.addNetworkConnector or BrokerView.addConnector through Jolokia if the activemq-http module is on the classpath. A malicious HTTP endpoint can return a VM transport through the HTTP URI which will bypass the validation added in CVE-2026-34197. The attacker can then use the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 5.19.6 or 6.2.5, which fixes the issue.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
输入验证不恰当
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Apache多款产品 输入验证错误漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Apache ActiveMQ等都是美国阿帕奇(Apache)基金会的产品。Apache ActiveMQ是一套开源的消息中间件,Apache ActiveMQ Broker是一个支持多协议的企业级消息代理中间件。Apache ActiveMQ All是一个包含消息代理及相关组件的完整消息中间件发行包。 Apache多款产品存在输入验证错误漏洞,该漏洞源于输入验证不当和代码注入,可能导致经过身份验证的攻击者绕过CVE-2026-34197的修复,通过Jolokia添加连接器,利用HTTP Discover
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| Apache Software Foundation | Apache ActiveMQ Broker | 0 ~ 5.19.6 | - | |
| Apache Software Foundation | Apache ActiveMQ All | 0 ~ 5.19.6 | - | |
| Apache Software Foundation | Apache ActiveMQ | 0 ~ 5.19.6 | - |
二、漏洞 CVE-2026-40466 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector() and BrokerView.addConnector() to prevent authenticated attackers from loading malicious Spring XML configurations via the Jolokia API. However, the fix only denied the "vm" scheme. An attacker can bypass this restriction by using the HTTP Discovery transport(http://attacker/discovery), which is not in the denied scheme list. The attacker-controlled HTTP endpoint returns a vm:// transport URI as a second-stage response, which then loads a remote Spring XML application context, leading to arbitrary code execution on the broker JVM. The activemq-http module must be on the classpath (present by default in the "all" distribution), and authenticated access to the Jolokia API (/api/jolokia/) is required. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-40466.yaml | POC详情 |
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-40466 的情报信息
Please 登录 to view more intelligence information
同批安全公告 · Apache Software Foundation · 2026-04-24 · 共 7 条
| CVE-2026-41043 | Apache ActiveMQ和Apache ActiveMQ Web 跨站脚本漏洞 | |
| CVE-2026-41044 | Apache多款产品 输入验证错误漏洞 | |
| CVE-2025-62233 | Apache DolphinScheduler 代码问题漏洞 | |
| CVE-2026-23902 | Apache DolphinScheduler 安全漏洞 | |
| CVE-2026-40690 | Apache Airflow 安全漏洞 | |
| CVE-2026-38743 | Apache Airflow 安全漏洞 |
IV. Related Vulnerabilities
Same product: Apache ActiveMQ Broker
V. Comments for CVE-2026-40466
暂无评论