【Vulnerability Alert】High-Risk Security Vulnerabilities in Apache ActiveMQ (CVE-2026-40466 and CVE-2026-41044), Please Verify and Patch Immediately

• Subject: 【Vulnerability Alert】High-Risk Security Vulnerabilities in Apache ActiveMQ (CVE-2026-40466 and CVE-2026-41044), Please Verify and Patch Immediately

• Description:
  • Forwarded from National Information Sharing and Analysis Center (NISAC) Security Alert: NISAC-200-202605-00000002
  • Researchers have discovered two high-risk security vulnerabilities in Apache ActiveMQ (CVE-2026-40466 and CVE-2026-41044). The vulnerability types include Improper Input Validation and Code Injection. An authenticated remote attacker can exploit these vulnerabilities to make ActiveMQ load malicious configuration files, thereby executing arbitrary code. Please verify and patch immediately.
• Affected Platforms:
  • Apache ActiveMQ Broker versions prior to 5.19.6 (exclusive)
  • Apache ActiveMQ Broker versions 6.0.0 to 6.2.5 (exclusive)
  • Apache ActiveMQ All versions prior to 5.19.6 (exclusive)
  • Apache ActiveMQ All versions 6.0.0 to 6.2.5 (exclusive)
  • Apache ActiveMQ versions prior to 5.19.6 (exclusive)
  • Apache ActiveMQ versions 6.0.0 to 6.2.5 (exclusive)
• Recommended Actions:
  • Official fix updates have been released for these vulnerabilities. Please refer to the official announcements for updates at the following URLs:
  • https://activemq.apache.org/security-advisories.data/CVE-2026-40466-announcement.txt
  • https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt
• Reference Materials:
  1. https://nvd.nist.gov/vuln/detail/CVE-2026-40466
  2. https://nvd.nist.gov/vuln/detail/CVE-2026-41044
  3. https://activemq.apache.org/security-advisories.data/CVE-2026-40466-announcement.txt
  4. https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt

Computer and Communication Center
Network Systems Division