VYPR
Medium severity6.5NVD Advisory· Published Apr 24, 2026· Updated Apr 27, 2026

CVE-2026-41043

CVE-2026-41043

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web.

An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML (instead of XML) and by injecting HTML into a JMS selector field.

This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Web: before 5.19.6, from 6.0.0 before 6.2.5.

Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.activemq:apache-activemqMaven
< 5.19.65.19.6
org.apache.activemq:activemq-allMaven
< 5.19.65.19.6
org.apache.activemq:activemq-brokerMaven
< 5.19.65.19.6
org.apache.activemq:apache-activemqMaven
>= 6.0.0, < 6.2.56.2.5
org.apache.activemq:activemq-allMaven
>= 6.0.0, < 6.2.56.2.5
org.apache.activemq:activemq-brokerMaven
>= 6.0.0, < 6.2.56.2.5

Affected products

8

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.