CVE-2026-50750

HIGH

Apache ActiveMQ 5.19.7 and 6.2.6 - Unauthenticated OpenWire Denial of Service

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-50750. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-50750, a Denial of Service (DoS) vulnerability in Apache ActiveMQ. The code includes placeholder logic for probing a target but lacks the actual exploit implementation to trigger the out-of-memory condition.

Description

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM. This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-50750_denial_service_via.py

This repository contains an auto-generated stub module for CVE-2026-50750, a Denial of Service (DoS) vulnerability in Apache ActiveMQ. The code includes placeholder logic for probing a target but lacks the actual exploit implementation to trigger the out-of-memory condition.

Classification
Stub 98%
Attack Type
Dos
Complexity
Moderate
Reliability
Theoretical
Target: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All
No auth needed
Prerequisites: Network access to the target ActiveMQ broker (default port likely 61616 or 8161) · Unauthenticated access to the vulnerable endpoint
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0071
EPSS Percentile 49.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (10)
apache/activemq 5.19.7
apache/activemq 6.2.6
apache/activemq_broker 5.19.7
apache/activemq_broker 6.2.6
Apache Software Foundation/Apache ActiveMQ 5.19.7 - 5.19.8
Apache Software Foundation/Apache ActiveMQ 6.2.6 - 6.2.7
Apache Software Foundation/Apache ActiveMQ All 5.19.7 - 5.19.8
Apache Software Foundation/Apache ActiveMQ All 6.2.6 - 6.2.7
Apache Software Foundation/Apache ActiveMQ Broker 5.19.7 - 5.19.8
Apache Software Foundation/Apache ActiveMQ Broker 6.2.6 - 6.2.7
Published Jun 30, 2026
Tracked Since Jun 30, 2026