Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-50750— Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270

AI Predicted 7.5 Difficulty: Easy EPSS 0.71% · P49

Affected Version Matrix 6

VendorProductVersion RangeStatus
Apache Software FoundationApache ActiveMQ5.19.7< 5.19.8affected
6.2.6< 6.2.7affected
Apache Software FoundationApache ActiveMQ All5.19.7< 5.19.8affected
6.2.6< 6.2.7affected
Apache Software FoundationApache ActiveMQ Broker5.19.7< 5.19.8affected
6.2.6< 6.2.7affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-50750

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270
Source: NVD (National Vulnerability Database)
Vulnerability Description
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM. This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache ActiveMQ 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache ActiveMQ是Apache基金会的一款消息队列中间件。 Apache ActiveMQ存在资源管理错误漏洞,该漏洞源于发送重复的BrokerInfo命令而不发送ConnectionInfo,可能导致未经身份验证的攻击者造成代理OOM,直至代理崩溃。以下版本受到影响:Apache ActiveMQ Broker 5.19.8之前版本和6.2.7之前版本;Apache ActiveMQ 5.19.8之前版本和6.2.7之前版本;Apache ActiveMQ All 5.19.8之前版本和6
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache ActiveMQ Broker 5.19.7 ~ 5.19.8 -
Apache Software FoundationApache ActiveMQ 5.19.7 ~ 5.19.8 -
Apache Software FoundationApache ActiveMQ All 5.19.7 ~ 5.19.8 -

II. Public POCs for CVE-2026-50750

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-50750

登录查看更多情报信息。

Mailing List Discussions for CVE-2026-50750 (1)

Same Patch Batch · Apache Software Foundation · 2026-06-30 · 10 CVEs total

CVE-2025-53648Apache Gravitino: SQL misconfiguration can access or truncate files
CVE-2026-49434Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instant
CVE-2026-49432Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length
CVE-2026-49877Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console
CVE-2026-50734Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire
CVE-2026-52760Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ
CVE-2026-53916Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in ST
CVE-2026-53917Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbo
CVE-2026-54475Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination owners

IV. Related Vulnerabilities

V. Comments for CVE-2026-50750

No comments yet


Leave a comment