{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-49157", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-05-27T21:28:11.005Z", "datePublished": "2026-06-01T07:20:10.862Z", "dateUpdated": "2026-06-01T07:48:06.780Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.apache.activemq:apache-activemq", "product": "Apache ActiveMQ", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "5.19.7", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "6.2.6", "status": "affected", "version": "6.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Leon Johnson (github: lokerxx)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Incorrect Default Permissions vulnerability in Apache ActiveMQ.</p><p>This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.</p><p>The default Jolokia authorization settings granted&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">non-admin (low-privilege) web-login accounts</span>&nbsp;access to Jolokia operations which allowed executing broker management operations meant for admins such as <code>addQueue</code> and <code>removeQueue</code>.</p><p>Users are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes the issue.</p>"}], "value": "Incorrect Default Permissions vulnerability in Apache ActiveMQ.\n\nThis issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.\n\nThe default Jolokia authorization settings granted\u00a0non-admin (low-privilege) web-login accounts\u00a0access to Jolokia operations which allowed executing broker management operations meant for admins such as addQueue and removeQueue.\n\nUsers are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-06-01T07:20:10.862Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/rrcsf6s90hj4tdh89nvkko75q5505rj8"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/05/31/21"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-01T07:48:06.780Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Apache ActiveMQ.\n\nThis issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.\n\nThe default Jolokia authorization settings granted\u00a0non-admin (low-privilege) web-login accounts\u00a0access to Jolokia operations which allowed executing broker management operations meant for admins such as addQueue and removeQueue.\n\nUsers are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes the issue."}], "id": "CVE-2026-49157", "lastModified": "2026-06-01T09:16:20.427", "metrics": {}, "published": "2026-06-01T09:16:20.427", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread/rrcsf6s90hj4tdh89nvkko75q5505rj8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/05/31/21"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "security@apache.org", "type": "Primary"}]}

{}

{}