Unrated severityNVD Advisory· Published Jul 2, 2026
Debian activemq: Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-p…
CVE-2026-49877
Description
Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/* paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
Affected products
2Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.