CVE-2026-53917 (GCVE-0-2026-53917)
Vulnerability from cvelistv5 – Published: 2026-06-30 09:49 – Updated: 2026-06-30 14:51
VLAI
Title
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling
Summary
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker.
An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message property maps are unmarshaled without size validation which can trigger OOM and crash the broker.
This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7.
Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/grrd1mwgkgblqjbwk… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2026/0… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache ActiveMQ |
Affected:
0 , < 5.19.8
(semver)
Affected: 6.0.0 , < 6.2.7 (semver) |
|
| Apache Software Foundation | Apache ActiveMQ All |
Affected:
0 , < 5.19.8
(semver)
Affected: 6.0.0 , < 6.2.7 (semver) |
|
| Apache Software Foundation | Apache ActiveMQ Client |
Affected:
0 , < 5.19.8
(semver)
Affected: 6.0.0 , < 6.2.7 (semver) |
|
| Apache Software Foundation | Apache ActiveMQ Broker |
Affected:
0 , < 5.19.8
(semver)
Affected: 6.0.0 , < 6.2.7 (semver) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-30T11:06:23.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/29/14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-53917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T14:51:28.341266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T14:51:31.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:apache-activemq",
"product": "Apache ActiveMQ",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "5.19.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.2.7",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:activemq-all",
"product": "Apache ActiveMQ All",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "5.19.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.2.7",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:activemq-client",
"product": "Apache ActiveMQ Client",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "5.19.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.2.7",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:activemq-broker",
"product": "Apache ActiveMQ Broker",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "5.19.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "6.2.7",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "tonghuaroot"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker.\u003c/p\u003eAn authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpenWire message property maps are unmarshaled without size validation\u003c/span\u003e\u0026nbsp;which can trigger OOM and crash the broker.\u003cbr\u003e\u003cp\u003eThis issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker.\n\nAn authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message property maps are unmarshaled without size validation\u00a0which can trigger OOM and crash the broker.\nThis issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7.\n\nUsers are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T09:49:17.388Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/grrd1mwgkgblqjbwkkq6dvmdxd9ov2dx"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-53917",
"datePublished": "2026-06-30T09:49:17.388Z",
"dateReserved": "2026-06-11T14:45:46.575Z",
"dateUpdated": "2026-06-30T14:51:31.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-53917\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-06-30T11:16:30.273\",\"lastModified\":\"2026-06-30T15:16:57.520\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker.\\n\\nAn authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message property maps are unmarshaled without size validation\u00a0which can trigger OOM and crash the broker.\\nThis issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7.\\n\\nUsers are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache ActiveMQ\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.maven.apache.org/maven2\",\"packageName\":\"org.apache.activemq:apache-activemq\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"5.19.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"6.0.0\",\"lessThan\":\"6.2.7\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache ActiveMQ All\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.maven.apache.org/maven2\",\"packageName\":\"org.apache.activemq:activemq-all\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"5.19.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"6.0.0\",\"lessThan\":\"6.2.7\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache ActiveMQ Client\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.maven.apache.org/maven2\",\"packageName\":\"org.apache.activemq:activemq-client\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"5.19.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"6.0.0\",\"lessThan\":\"6.2.7\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache ActiveMQ Broker\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.maven.apache.org/maven2\",\"packageName\":\"org.apache.activemq:activemq-broker\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"5.19.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"6.0.0\",\"lessThan\":\"6.2.7\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-30T14:51:28.341266Z\",\"id\":\"CVE-2026-53917\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-789\"}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/grrd1mwgkgblqjbwkkq6dvmdxd9ov2dx\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/06/29/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/06/29/14\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-06-30T11:06:23.280Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-53917\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-30T14:51:28.341266Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-30T14:51:20.447Z\"}}], \"cna\": {\"title\": \"Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"tonghuaroot\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache ActiveMQ\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.19.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.2.7\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.activemq:apache-activemq\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache ActiveMQ All\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.19.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.2.7\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.activemq:activemq-all\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache ActiveMQ Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.19.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.2.7\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.activemq:activemq-client\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache ActiveMQ Broker\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.19.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.2.7\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.activemq:activemq-broker\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/grrd1mwgkgblqjbwkkq6dvmdxd9ov2dx\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker.\\n\\nAn authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message property maps are unmarshaled without size validation\\u00a0which can trigger OOM and crash the broker.\\nThis issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7.\\n\\nUsers are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker.\u003c/p\u003eAn authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eOpenWire message property maps are unmarshaled without size validation\u003c/span\u003e\u0026nbsp;which can trigger OOM and crash the broker.\u003cbr\u003e\u003cp\u003eThis issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-789\", \"description\": \"CWE-789 Memory Allocation with Excessive Size Value\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-06-30T09:49:17.388Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-53917\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T14:51:31.720Z\", \"dateReserved\": \"2026-06-11T14:45:46.575Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-06-30T09:49:17.388Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…