Description
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker.

An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message property maps are unmarshaled without size validation which can trigger OOM and crash the broker.
This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7.

Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
Published: 2026-06-30
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory allocation with excessive size value flaw in the OpenWire message property map unmarshalling process of Apache ActiveMQ. A crafted OpenWire message with a huge encoded size can cause the broker to attempt an enormous allocation, resulting in an out-of-memory condition that crashes the service. Because the broker is responsible for message routing, its failure disrupts all clients connected to the system, effectively denying legitimate users access to the messaging service. The weakness is a classic case of CWE-789: Uncontrolled Memory Allocation.
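The allocation pattern described above, and the pre-allocation size check that prevents it, as an added Python illustration; this is not ActiveMQ's code, and the toy wire format, the entry cap and the function names are constructed for the example:

```python
import struct

# Constructed toy length-prefixed map encoding, NOT the real OpenWire primitive-map format:
#   int32 entry_count, then per entry: int16 key_len, key bytes, int32 val_len, value bytes
MAX_MAP_ENTRIES = 1024          # hypothetical per-message cap a broker could enforce
MIN_ENTRY_BYTES = 2 + 4         # every entry carries at least its two length fields

def marshal_map(entries: dict) -> bytes:
    """Encode a str->bytes map in the toy format (only used to build sample input)."""
    out = struct.pack(">i", len(entries))
    for key, val in entries.items():
        k = key.encode("utf-8")
        out += struct.pack(">h", len(k)) + k + struct.pack(">i", len(val)) + val
    return out

def _read_entries(buf: bytes, count: int) -> dict:
    """Shared decoder: each length field is checked against the bytes actually present."""
    pos, result = 4, {}
    for _ in range(count):
        (klen,) = struct.unpack_from(">h", buf, pos)
        if klen < 0 or pos + 2 + klen > len(buf):
            raise ValueError("key length exceeds remaining input")
        key = buf[pos + 2:pos + 2 + klen].decode("utf-8")
        pos += 2 + klen
        (vlen,) = struct.unpack_from(">i", buf, pos)
        if vlen < 0 or pos + 4 + vlen > len(buf):
            raise ValueError("value length exceeds remaining input")
        result[key] = buf[pos + 4:pos + 4 + vlen]
        pos += 4 + vlen
    return result

def unmarshal_map_unbounded(buf: bytes) -> dict:
    """Vulnerable pattern: storage is sized from the declared count before any entry is read."""
    (count,) = struct.unpack_from(">i", buf, 0)
    _slots = [None] * count     # attacker-chosen count alone drives the allocation -> OOM
    return _read_entries(buf, count)

def unmarshal_map_bounded(buf: bytes, max_entries: int = MAX_MAP_ENTRIES) -> dict:
    """Hardened form: reject an implausible declared count before allocating anything."""
    (count,) = struct.unpack_from(">i", buf, 0)
    remaining = len(buf) - 4
    if count < 0 or count > max_entries:
        raise ValueError(f"declared map size {count} exceeds limit {max_entries}")
    if count * MIN_ENTRY_BYTES > remaining:
        raise ValueError(f"declared map size {count} cannot fit in {remaining} bytes")
    return _read_entries(buf, count)

# Constructed hostile message: a 2 GiB entry count followed by almost no payload.
CRAFTED_MESSAGE = struct.pack(">i", 0x7FFFFFFF) + b"\x00" * 8
```

The bounded decoder rejects the crafted header without allocating, while the unbounded one would attempt to reserve space for two billion entries on the same input.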

Affected Systems

The affected vendor is the Apache Software Foundation; the affected products are the Apache ActiveMQ platform, covering the core broker, together with the ActiveMQ All distribution and the ActiveMQ Client libraries. Versions prior to 5.19.8 and the 6.x releases from 6.0.0 up through 6.2.6 are vulnerable; 5.19.8 and 6.2.7 contain the fix.

Risk and Exploitability

The issue requires an authenticated connection to the ActiveMQ broker, so an attacker must first obtain valid credentials or gain access to an already-authenticated client. From that position, a single specially crafted message is enough to trigger the crash. The CVSS score of 7.5 signals high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the unmarshalling code performs no size validation, successful exploitation is likely once an attacker is in a position to send messages; this assessment is inferred from the description. Affected versions of the broker have no native guard against the oversized allocation, so the denial of service can be triggered at will whenever the attacker can reach the broker.

Generated by OpenCVE AI on June 30, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ActiveMQ broker to 5.19.8 or later on the 5.x line, or to 6.2.7 or later on the 6.x line, where the size validation has been added.
  • Restrict broker authentication to trusted clients only and limit network exposure to reduce the likelihood that an attacker can gain the necessary credentials.
  • Monitor the broker for abnormal memory usage or crashes and configure alerts to detect sudden OOM events, enabling rapid response if an attack occurs.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 00:15:00 +0000

  Weaknesses    added: CWE-770
  References    (no values listed)
  Metrics       removed: threat_severity = None
                added:   threat_severity = Moderate

Tue, 30 Jun 2026 15:30:00 +0000

  Metrics       added: cvssV3_1 = {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
                added: ssvc = {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 30 Jun 2026 15:15:00 +0000

  First Time appeared   added: Apache, Apache activemq, Apache activemq All, Apache activemq Broker
  Vendors & Products    added: Apache, Apache activemq, Apache activemq All, Apache activemq Broker

Tue, 30 Jun 2026 10:45:00 +0000

  Description   added: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message property maps are unmarshaled without size validation which can trigger OOM and crash the broker. This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
  Title         added: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling
  Weaknesses    added: CWE-789
  References    (no values listed)

MITRE

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2026-06-30T14:51:31.720Z
Reserved: 2026-06-11T14:45:46.575Z
Link: CVE-2026-53917

Vulnrichment

Updated: 2026-06-30T11:06:23.280Z

NVD

No data.

Redhat

Severity: Moderate
Public Date: 2026-06-30T09:49:17Z
Links: CVE-2026-53917 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-30T16:30:16Z

Weaknesses
  • CWE-770: Allocation of Resources Without Limits or Throttling
  • CWE-789: Memory Allocation with Excessive Size Value