What is CVE-2026-41044?

CVE-2026-41044 is a vulnerability in Apache Software Foundation Activemq, classified under Improper Input Validation. Published 2026-04-24.

Is CVE-2026-41044 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Apache Software Foundation Activemq

CVE-2026-41044

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (22.3th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Activemq — versions 0, 6.0.0
Apache Software Foundation Activemq All — versions 0, 6.0.0
Apache Software Foundation Activemq Broker — versions 0, 6.0.0

Weakness classification (CWE)

Public proof-of-concept exploits

mrillicit/CVE-2026-41044

References

activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt (vendor-advisory)

Frequently asked questions

What is CVE-2026-41044?: CVE-2026-41044 is a vulnerability in Apache Software Foundation Activemq, classified under Improper Input Validation. Published 2026-04-24.
Is CVE-2026-41044 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.