CVE-2026-49157

Published: Giu 01, 2026 Last Modified: Giu 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Incorrect Default Permissions vulnerability in Apache ActiveMQ.

This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.

The default Jolokia authorization settings granted non-admin (low-privilege) web-login accounts access to Jolokia operations which allowed executing broker management operations meant for admins such as addQueue and removeQueue.

Users are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes the issue.

276

Incorrect Default Permissions

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity
Potential Impacts:
Read Application Data Modify Application Data
Applicable Platforms
Technologies: Not Technology-Specific, ICS/OT
Likelihood of Exploit: Medium
View CWE Details
http://www.openwall.com/lists/oss-security/2026/05/31/21
http://www.openwall.com/lists/oss-security/2026/05/31/21
https://lists.apache.org/thread/rrcsf6s90hj4tdh89nvkko75q55…
https://lists.apache.org/thread/rrcsf6s90hj4tdh89nvkko75q5505rj8