CVE-2026-46605
Analyzed Analyzed - Analysis Complete
Authorization Bypass in Apache ActiveMQ Broker

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: Apache Software Foundation

Description
Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. Users are recommended to upgrade to version v6.2.6 or v5.19.7, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-46605
EUVD
EUVD-2026-33575
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
apache activemq to 5.19.7 (exc)
apache activemq From 6.0.0 (inc) to 6.2.6 (exc)
apache activemq_broker to 5.19.7 (exc)
apache activemq_broker From 6.0.0 (inc) to 6.2.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-46605 is a vulnerability in Apache ActiveMQ server versions before v6.2.6 and v5.19.7. It involves incomplete authorization where authenticated users with valid credentials can remove existing destinations even if they do not have proper permissions to do so.

Impact Analysis

This vulnerability allows authenticated users to delete destinations they should not have access to, potentially disrupting messaging services and causing loss of important message routing configurations.

Mitigation Strategies

To mitigate this vulnerability, users are recommended to upgrade Apache ActiveMQ to version v6.2.6 or v5.19.7, which contain the fix for the incomplete authorization issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46605. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart