CVE-2026-54475
HIGHApache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-54475. PoCs published by HermesNA-1.
AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-54475, a missing authorization vulnerability in Apache ActiveMQ Classic. The code includes placeholder methods (`check` and `run`) with no actual exploit logic, only references to external advisories for further details.
Description
Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary destination. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue.
Exploits (1)
This repository contains an auto-generated stub module for CVE-2026-54475, a missing authorization vulnerability in Apache ActiveMQ Classic. The code includes placeholder methods (`check` and `run`) with no actual exploit logic, only references to external advisories for further details.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N