Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-50734— Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation

AI Predicted 7.5 Difficulty: Easy EPSS 0.80% · P52

Affected Version Matrix 6

VendorProductVersion RangeStatus
Apache Software FoundationApache ActiveMQ< 5.19.8affected
6.0.0< 6.2.7affected
Apache Software FoundationApache ActiveMQ All< 5.19.8affected
6.0.0< 6.2.7affected
Apache Software FoundationApache ActiveMQ Client< 5.19.8affected
6.0.0< 6.2.7affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-50734

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation
Source: NVD (National Vulnerability Database)
Vulnerability Description
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes the broker to attempt allocation during pre-auth negotiation which can trigger OOM and crash the broker. This issue affects Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经控制的内存分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache ActiveMQ 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache ActiveMQ是Apache基金会的一款消息队列中间件。 Apache ActiveMQ Client、Apache ActiveMQ和Apache ActiveMQ All存在资源管理错误漏洞,该漏洞源于内存分配大小值过大,导致未经身份验证的网络攻击者通过发送特制的WireFormatInfo帧,触发代理在预认证协商期间尝试分配内存,引起内存溢出并崩溃。以下版本受到影响:Apache ActiveMQ Client 5.19.8之前版本和6.0.0至6.2.7之前版本;Apache Ac
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache ActiveMQ Client 0 ~ 5.19.8 -
Apache Software FoundationApache ActiveMQ 0 ~ 5.19.8 -
Apache Software FoundationApache ActiveMQ All 0 ~ 5.19.8 -

II. Public POCs for CVE-2026-50734

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-50734

登录查看更多情报信息。

Mailing List Discussions for CVE-2026-50734 (1)

Same Patch Batch · Apache Software Foundation · 2026-06-30 · 10 CVEs total

CVE-2025-53648Apache Gravitino: SQL misconfiguration can access or truncate files
CVE-2026-49434Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instant
CVE-2026-49432Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length
CVE-2026-49877Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console
CVE-2026-50750Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire
CVE-2026-52760Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ
CVE-2026-53916Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in ST
CVE-2026-53917Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbo
CVE-2026-54475Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination owners

IV. Related Vulnerabilities

V. Comments for CVE-2026-50734

No comments yet


Leave a comment