CVE-2026-49157EPSS p29.0%

CVE-2026-49157CVE-2026-49157

apache / activemq

Description

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin (low-privilege) web-login accounts access to Jolokia operations which allowed executing broker management operations meant for admins such as addQueue and removeQueue. Users are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes the issue.

Scoring

CVSS 8.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.37% probability of exploitation · percentile 29.0% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-46605
CVE
CVE-2026-49270
CVE
CVE-2026-45505
CVE
CVE-2026-40466
CVE
CVE-2026-42588
CVE
CVE-2026-41044
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.