Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities found for Apache ActiveMQ MQTT by Apache Software Foundation
JVNDB-2026-006408
Vulnerability from jvndb - Published: 2026-04-24 17:56 - Updated:2026-04-24 17:56
Severity ?
Summary
Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]
Details
Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets.
- Integer overflow or wraparound (CWE-190) - CVE-2025-66168, CVE-2026-40046
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-006408.html",
"dc:date": "2026-04-24T17:56+09:00",
"dcterms:issued": "2026-04-24T17:56+09:00",
"dcterms:modified": "2026-04-24T17:56+09:00",
"description": "Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/190.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eInteger overflow or wraparound (CWE-190) - CVE-2025-66168, CVE-2026-40046\u003c/li\u003e\u003c/ul\u003eGai Tanaka of Mitsui Bussan Secure Directions, Inc. reported this vulnerability in version 6.2.0 to the developer and IPA under Information Security Early Warning Partnership.\r\nJPCERT/CC coordinated with the developer to publish the advisory.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-006408.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:activemq",
"@product": "Apache ActiveMQ",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:apache:activemq_mqtt",
"@product": "Apache ActiveMQ MQTT",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-006408",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN20669184/index.html",
"@id": "JVN#20669184",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-66168",
"@id": "CVE-2025-66168",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-40046",
"@id": "CVE-2026-40046",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2025-66168",
"@id": "CVE-2025-66168",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]"
}
CVE-2026-40046 (GCVE-0-2026-40046)
Vulnerability from nvd – Published: 2026-04-09 15:58 – Updated: 2026-04-10 19:41
VLAI?
Title
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated
Summary
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT.
The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions.
This issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4.
Users are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apache Software Foundation | Apache ActiveMQ |
Affected:
6.0.0 , < 6.2.4
(semver)
|
||||||||||||
|
||||||||||||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T19:39:38.679321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T19:41:00.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:apache-activemq",
"product": "Apache ActiveMQ",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.2.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:activemq-all",
"product": "Apache ActiveMQ All",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.2.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:activemq-mqtt",
"product": "Apache ActiveMQ MQTT",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.2.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adrien Bernard"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eInteger Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT.\u003c/p\u003eThe fix for \"CVE-2025-66168: MQTT control packet remaining length field is not properly validated\" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions.\u003cbr\u003e\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4.\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT.\n\nThe fix for \"CVE-2025-66168: MQTT control packet remaining length field is not properly validated\" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions.\n\n\nThis issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4.\n\n\n\nUsers are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:58:32.966Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66168"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/zdntj5rcgjjzrpow84o339lzldy68zrg"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-40046",
"datePublished": "2026-04-09T15:58:32.966Z",
"dateReserved": "2026-04-08T15:21:53.253Z",
"dateUpdated": "2026-04-10T19:41:00.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40046 (GCVE-0-2026-40046)
Vulnerability from cvelistv5 – Published: 2026-04-09 15:58 – Updated: 2026-04-10 19:41
VLAI?
Title
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated
Summary
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT.
The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions.
This issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4.
Users are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Apache Software Foundation | Apache ActiveMQ |
Affected:
6.0.0 , < 6.2.4
(semver)
|
||||||||||||
|
||||||||||||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T19:39:38.679321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T19:41:00.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:apache-activemq",
"product": "Apache ActiveMQ",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.2.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:activemq-all",
"product": "Apache ActiveMQ All",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.2.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.activemq:activemq-mqtt",
"product": "Apache ActiveMQ MQTT",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.2.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adrien Bernard"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eInteger Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT.\u003c/p\u003eThe fix for \"CVE-2025-66168: MQTT control packet remaining length field is not properly validated\" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions.\u003cbr\u003e\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4.\u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT.\n\nThe fix for \"CVE-2025-66168: MQTT control packet remaining length field is not properly validated\" was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions.\n\n\nThis issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4.\n\n\n\nUsers are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T15:58:32.966Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66168"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/zdntj5rcgjjzrpow84o339lzldy68zrg"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-40046",
"datePublished": "2026-04-09T15:58:32.966Z",
"dateReserved": "2026-04-08T15:21:53.253Z",
"dateUpdated": "2026-04-10T19:41:00.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}