Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-50734
PUBLISHED
More InfoOfficial Page
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
View Known Exploited Vulnerability (KEV) details
Published At-30 Jun, 2026 | 09:53
Updated At-30 Jun, 2026 | 12:32
Rejected At-
▼CVE Numbering Authority (CNA)
Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes the broker to attempt allocation during pre-auth negotiation which can trigger OOM and crash the broker. This issue affects Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache ActiveMQ Client
Collection URL
https://repo.maven.apache.org/maven2
Package Name
org.apache.activemq:activemq-client
Default Status
unaffected
Versions
Affected
  • From 0 before 5.19.8 (semver)
  • From 6.0.0 before 6.2.7 (semver)
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache ActiveMQ
Package Name
org.apache.activemq:apache-activemq
Default Status
unaffected
Versions
Affected
  • From 0 before 5.19.8 (semver)
  • From 6.0.0 before 6.2.7 (semver)
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache ActiveMQ All
Package Name
org.apache.activemq:activemq-all
Default Status
unaffected
Versions
Affected
  • From 0 before 5.19.8 (semver)
  • From 6.0.0 before 6.2.7 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-789CWE-789 Memory Allocation with Excessive Size Value
Type: CWE
CWE ID: CWE-789
Description: CWE-789 Memory Allocation with Excessive Size Value
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Textual description of severity
text:
important
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Andrej Tomci
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://lists.apache.org/thread/nxso951fnvf72qf9m475mpz4yf931xk0
vendor-advisory
Hyperlink: https://lists.apache.org/thread/nxso951fnvf72qf9m475mpz4yf931xk0
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2026/06/29/10
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2026/06/29/10
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found