Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Description

Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions.

This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.

Users are recommended to upgrade to version v6.2.6 or v5.19.7, which fixes the issue.

Basic Information

ID CVE-2026-46605

Source apache

Published Jun 1, 2026 at 07:21

Modified Jun 1, 2026 at 14:44

Affected Product

Vendor Apache Software Foundation

Product Apache ActiveMQ Broker

Affected Versions Apache Software Foundation Apache ActiveMQ Broker 0
Apache Software Foundation Apache ActiveMQ Broker 6.0.0
Apache Software Foundation Apache ActiveMQ All 0
Apache Software Foundation Apache ActiveMQ All 6.0.0
Apache Software Foundation Apache ActiveMQ 0
Apache Software Foundation Apache ActiveMQ 6.0.0

CWE Classification

CWE-285

References

lists.apache.org /thread/l4lxgr2s73g9pb218f180psfyskf8ldm

{
    "lastseen": "",
    "description": "Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions.\n\nThis issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.\n\nUsers are recommended to upgrade to version v6.2.6 or v5.19.7, which fixes the issue.",
    "published": "2026-06-01T07:21:13.148Z",
    "modified": "2026-06-01T14:44:50.457Z",
    "type": "cve",
    "title": "Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal",
    "source": "apache",
    "references": "https://lists.apache.org/thread/l4lxgr2s73g9pb218f180psfyskf8ldm",
    "id": "CVE-2026-46605",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache ActiveMQ Broker 0\nApache Software Foundation Apache ActiveMQ Broker 6.0.0\nApache Software Foundation Apache ActiveMQ All 0\nApache Software Foundation Apache ActiveMQ All 6.0.0\nApache Software Foundation Apache ActiveMQ 0\nApache Software Foundation Apache ActiveMQ 6.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache ActiveMQ Broker",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal_CVE-2026-46605