VYPR
Medium severity4.3NVD Advisory· Published Jun 1, 2026· Updated Jun 1, 2026

CVE-2026-46605

CVE-2026-46605

Description

Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions.

This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.

Users are recommended to upgrade to version v6.2.6 or v5.19.7, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Apache/Activemq3 versions
    cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*range: <5.19.7
    • cpe:2.3:a:apache:activemq_broker:*:*:*:*:*:*:*:*range: <5.19.7
    • (no CPE)range: <5.19.7, >=6.0.0 <6.2.6
  • osv-coords
    Range: < 5.19.7

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.