{“lastseen”:””,”description”:”Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.\\n\\nBrokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all durable topic subscriptions in the broker,\u00a0including client identifiers, subscription names, topic destinations, and\u00a0JMS selector expressions, by sending a BrokerInfo command. The broker incorrectly responds without first ensuring the connection is authenticated.\\nThis issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6.\\n\\nUsers are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes the issue.”,”published”:”2026-06-01T07:19:34.391Z”,”modified”:”2026-06-01T13:11:12.455Z”,”type”:”cve”,”title”:”Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)”,”source”:”apache”,”references”:”https:\/\/lists.apache.org\/thread\/k3233c1x506z3w7x4z0dqvd86d4v2fr2″,”id”:”CVE-2026-49270″,”bulletinFamily”:””,”cwe”:[“CWE-1230″],”cvelist”:null,”sourceData”:”Apache Software Foundation Apache ActiveMQ Broker 5.14.0\\nApache Software Foundation Apache ActiveMQ Broker 6.0.0\\nApache Software Foundation Apache ActiveMQ 5.14.0\\nApache Software Foundation Apache ActiveMQ 6.0.0\\nApache Software Foundation Apache ActiveMQ All 5.14.0\\nApache Software Foundation Apache ActiveMQ All 6.0.0″,”sourceHref”:””,”cvss”:{“score”:5.9,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Apache ActiveMQ Broker”,”version”:”5.14.0″,”vendor”:”Apache Software Foundation”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.\\n\\nBrokers that are configured with a network connector with syncDurableSubs…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,97,12,21,13,7,11,5],"class_list":["post-58866","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-59","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n