This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.
Users are recommended to upgrade to version v6.2.6 or v5.19.7, which fixes the issue.
Project Subscriptions
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-cpw7-g3p5-qrfq | Apache ActiveMQ server has an incomplete authorization workflow |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 03 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apache activemq All
|
|
| Vendors & Products |
Apache activemq All
|
Mon, 01 Jun 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apache
Apache activemq Apache activemq Broker |
|
| CPEs | cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* cpe:2.3:a:apache:activemq_broker:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Apache
Apache activemq Apache activemq Broker |
Mon, 01 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 01 Jun 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 01 Jun 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. Users are recommended to upgrade to version v6.2.6 or v5.19.7, which fixes the issue. | |
| Title | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal | |
| Weaknesses | CWE-285 | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2026-06-01T14:44:50.457Z
Reserved: 2026-05-15T18:20:10.111Z
Link: CVE-2026-46605
Updated: 2026-06-01T07:48:00.286Z
Status : Analyzed
Published: 2026-06-01T09:16:19.827
Modified: 2026-06-01T17:07:51.933
Link: CVE-2026-46605
No data.
OpenCVE Enrichment
Updated: 2026-06-02T20:55:01Z
Github GHSA