Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-54475
PUBLISHED
More InfoOfficial Page
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
View Known Exploited Vulnerability (KEV) details
Published At-30 Jun, 2026 | 09:48
Updated At-30 Jun, 2026 | 14:52
Rejected At-
▼CVE Numbering Authority (CNA)
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary destination. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache ActiveMQ Broker
Collection URL
https://repo.maven.apache.org/maven2
Package Name
org.apache.activemq:activemq-broker
Default Status
unaffected
Versions
Affected
  • From 0 before 5.19.8 (semver)
  • From 6.0.0 before 6.2.7 (semver)
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache ActiveMQ All
Collection URL
https://repo.maven.apache.org/maven2
Package Name
org.apache.activemq:activemq-all
Default Status
unaffected
Versions
Affected
  • From 0 before 5.19.8 (semver)
  • From 6.0.0 before 6.2.7 (semver)
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache ActiveMQ
Collection URL
https://repo.maven.apache.org/maven2
Package Name
org.apache.activemq:apache-activemq
Default Status
unaffected
Versions
Affected
  • From 0 before 5.19.8 (semver)
  • From 6.0.0 before 6.2.7 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Textual description of severity
text:
important
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Leon Johnson (github: lokerxx)
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06ys
vendor-advisory
Hyperlink: https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06ys
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2026/06/29/15
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2026/06/29/15
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found