CVE-2026-41044 - Vulnerability Analysis
Severity: High | CVSS: 8.8 | Last Updated: April 24, 2026
Apache ActiveMQ - Remote Code Execution
Published: April 24, 2026 | Updated: April 24, 2026 | Remote Exploitable
Overview
Apache ActiveMQ before 5.19.6, and 6.0.0 before 6.2.5, contains a remote code execution vulnerability caused by improper input validation. An authenticated attacker can inject a malicious broker name via the admin web console and execute arbitrary code on the broker JVM. Exploitation requires authentication.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated attackers can execute arbitrary code on the broker JVM, potentially leading to full system compromise.
Mitigation
Upgrade to version 6.2.5 or 5.19.6 or later.
Details
- CVE ID: CVE-2026-41044
- Severity: High
- CVSS Score: 8.8
- Type: command_injection
- Status: unconfirmed
CWE
- CWE-20
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H