Apache ActiveMQ
Moderate fix4 remedies
cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*
Moderate fix4 remedies
- >= 5.18.0, < 5.18.3
- >= 5.17.0, < 5.17.6
- >= 5.16.0, < 5.16.7
- < 5.15.16
Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Apache ActiveMQ OpenWire Protocol Remote Code Execution Vulnerability
Vulnerability
Exploited
Patched
A remote code execution vulnerability has been identified in the Java OpenWire protocol marshaller of Apache ActiveMQ. This issue affects versions 5.18.0 prior to 5.18.3, 5.17.0 prior to 5.17.6, 5.16.0 prior to 5.16.7, and all versions prior to 5.15.16. The vulnerability allows a remote attacker with network access to an OpenWire broker or client to execute arbitrary shell commands. This is achieved by manipulating serialized class types in the OpenWire protocol, causing the client or broker to instantiate any class on the classpath.
Impact
Exploitation of this vulnerability allows for unauthenticated remote code execution on the affected broker or client.
Reproduction
The vulnerability can be reproduced by sending a crafted OpenWire message that includes manipulated serialized class types. This can be done using the Metasploit module available in the Metasploit Framework, which automates the exploitation process by sending the payload through the OpenWire protocol.
Remediation
Users are advised to upgrade to Apache ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which address this vulnerability.
Added: Mar 16, 2026, 8:54 PM
Updated: Mar 16, 2026, 8:54 PM
Vulnerability Rating
Custom Algorithm
spread
5.7impact
10.0exploitability
8.5remediation
7.7relevance
0.0threat
9.9urgency
2.9incentive
8.3Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.