CVE-2023-46604 · CISA KEV · EPSS p99.9%

CVE-2023-46604: Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

Apache / ActiveMQ

Description

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

Scoring

EPSS: 99.65% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2023-11-02

(incoming) 1

Type | Target | Confidence | Tier
KEVEntry | Apache ActiveMQ Deserialization of Untrusted Data Vulnerability kev-cve-2023-46604 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Apache ActiveMQ Improper Input Validation Vulnerability
CVE: CVE-2025-29953
CVE: CVE-2025-54539
CVE: CVE-2026-42588
CVE: CVE-2026-40466
CVE: CVE-2026-41044

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.