Improper input validation in Apache Software Foundation Activemq
CVE-2026-49434
Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiat…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Apache Software Foundation Activemq — versions 0, 6.0.0
- Apache Software Foundation Activemq All — versions 0, 6.0.0
- Apache Software Foundation Activemq Broker — versions 0, 6.0.0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)
- af854a3a-2127-422b-91ae-364da2661108
Frequently asked questions
- What is CVE-2026-49434?
- CVE-2026-49434 is a high-severity vulnerability in Apache Software Foundation Activemq, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2026-06-30.
- How severe is CVE-2026-49434?
- High severity. CVSS v3 base score is 7.5 out of 10.