Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026050605050909 | Publication Time | 2026-05-06 17:19:11 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026-05-06 17:19:11 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】Apache ActiveMQ contains high-risk security vulnerabilities (CVE-2026-40466 and CVE-2026-41044). Please confirm and perform patching as soon as possible. |
|||
| [Content]
Forwarded from the National Institute of Cyber Security Information Security Message Alert NISAC-200-202605-00000002 Researchers have discovered that Apache ActiveMQ contains 2 high-risk security vulnerabilities (CVE-2026-40466 and CVE-2026-41044). The types include Improper Input Validation and Code Injection. An authenticated remote attacker can exploit these vulnerabilities to cause ActiveMQ to load malicious configuration files, and then execute arbitrary code. Please confirm and perform patching as soon as possible. Information Sharing Level: WHITE (The information content is information that may be publicly disclosed) |
|||
| [Affected Platform]
Apache ActiveMQ Broker versions earlier than 5.19.6 (excluding) Apache ActiveMQ Broker versions from 6.0.0 to earlier than 6.2.5 (excluding) Apache ActiveMQ All versions earlier than 5.19.6 (excluding) Apache ActiveMQ All versions from 6.0.0 to earlier than 6.2.5 (excluding) Apache ActiveMQ versions earlier than 5.19.6 (excluding) Apache ActiveMQ versions from 6.0.0 to earlier than 6.2.5 (excluding)
|
|||
| [Recommended Actions]
The official source has released fix updates for the vulnerabilities. Please refer to the official instructions to perform the updates. The URLs are as follows: https://activemq.apache.org/security-advisories.data/CVE-2026-40466-announcement.txt https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt |
|||
|
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2026-40466 |
|||