RCE in Apache Software Foundation Activemq

CVE-2026-40466

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.180 (95.3th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Activemq — versions 0, 6.0.0
Apache Software Foundation Activemq All — versions 0, 6.0.0
Apache Software Foundation Activemq Broker — versions 0, 6.0.0

Weakness classification (CWE)

References

activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt (vendor-advisory)