Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-54475
Analyzed
More InfoOfficial Page
Source-security@apache.org
View Known Exploited Vulnerability (KEV) details
Published At-30 Jun, 2026 | 11:16
Updated At-02 Jul, 2026 | 18:41

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary destination. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

The Apache Software Foundation
apache
>>activemq>>Versions before 5.19.8(exclusive)
cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>activemq>>Versions from 6.0.0(inclusive) to 6.2.7(exclusive)
cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>activemq_broker>>Versions before 5.19.8(exclusive)
cpe:2.3:a:apache:activemq_broker:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>activemq_broker>>Versions from 6.0.0(inclusive) to 6.2.7(exclusive)
cpe:2.3:a:apache:activemq_broker:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Secondarysecurity@apache.org
CWE ID: CWE-862
Type: Secondary
Source: security@apache.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06yssecurity@apache.org
Vendor Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/06/29/15af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06ys
Source: security@apache.org
Resource:
Vendor Advisory
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2026/06/29/15
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Change History
0Changes found

Details not found