Primary

Context

Apache ActiveMQ Incomplete Authorization Vulnerability Allowing Destination Removal

Vulnerability

Patched

A vulnerability exists in Apache ActiveMQ in versions prior to 5.19.7 and in the 6.0.0 series prior to 6.2.6. This vulnerability stems from incomplete authorization, which allows authenticated connections with the appropriate permissions to remove existing destinations. The issue is present in Apache ActiveMQ Broker, Apache ActiveMQ All, and Apache ActiveMQ, all within the specified version ranges.

Impact

Exploitation of this vulnerability could lead to unauthorized removal of destinations, potentially disrupting message routing and delivery in the ActiveMQ server.

Remediation

Users are advised to upgrade to Apache ActiveMQ version 6.2.6 or 5.19.7, both of which address this vulnerability.

Added: Jun 1, 2026, 9:24 AM

Updated: Jun 1, 2026, 9:24 AM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

5.0

exploitability

4.9

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

5.0

exploitability

4.9

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache ActiveMQ Incomplete Authorization Vulnerability Allowing Destination Removal

Vulnerability

Impact

Remediation

Affected Products

Apache ActiveMQ Broker

Apache ActiveMQ All

Apache ActiveMQ

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating