{"api_version":"1","generated_at":"2026-06-30T18:53:10+00:00","cve":"CVE-2026-54475","urls":{"html":"https://cve.report/CVE-2026-54475","api":"https://cve.report/api/cve/CVE-2026-54475.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-54475","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-54475"},"summary":{"title":"Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover","description":"Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.\n\nApache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary\ndestination.\nThis issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7.\n\nUsers are recommended to upgrade to version 6.2.7, which fixes the issue.","state":"PUBLISHED","assigner":"apache","published_at":"2026-06-30 11:16:30","updated_at":"2026-06-30 15:16:57"},"problem_types":["CWE-862","CWE-862 CWE-862 Missing Authorization"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}}],"references":[{"url":"https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06ys","name":"https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06ys","refsource":"security@apache.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/29/15","name":"http://www.openwall.com/lists/oss-security/2026/06/29/15","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-54475","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-54475","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache ActiveMQ Broker","version":"affected 5.19.8 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache ActiveMQ Broker","version":"affected 6.0.0 6.2.7 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache ActiveMQ All","version":"affected 5.19.8 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache ActiveMQ All","version":"affected 6.0.0 6.2.7 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache ActiveMQ","version":"affected 5.19.8 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache ActiveMQ","version":"affected 6.0.0 6.2.7 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Leon Johnson (github: lokerxx)","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2026-06-30T11:06:25.154Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"http://www.openwall.com/lists/oss-security/2026/06/29/15"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-54475","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-30T14:52:21.373754Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-30T14:52:25.352Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://repo.maven.apache.org/maven2","defaultStatus":"unaffected","packageName":"org.apache.activemq:activemq-broker","product":"Apache ActiveMQ Broker","vendor":"Apache Software Foundation","versions":[{"lessThan":"5.19.8","status":"affected","version":"0","versionType":"semver"},{"lessThan":"6.2.7","status":"affected","version":"6.0.0","versionType":"semver"}]},{"collectionURL":"https://repo.maven.apache.org/maven2","defaultStatus":"unaffected","packageName":"org.apache.activemq:activemq-all","product":"Apache ActiveMQ All","vendor":"Apache Software Foundation","versions":[{"lessThan":"5.19.8","status":"affected","version":"0","versionType":"semver"},{"lessThan":"6.2.7","status":"affected","version":"6.0.0","versionType":"semver"}]},{"collectionURL":"https://repo.maven.apache.org/maven2","defaultStatus":"unaffected","packageName":"org.apache.activemq:apache-activemq","product":"Apache ActiveMQ","vendor":"Apache Software Foundation","versions":[{"lessThan":"5.19.8","status":"affected","version":"0","versionType":"semver"},{"lessThan":"6.2.7","status":"affected","version":"6.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Leon Johnson (github: lokerxx)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.</p>Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a&nbsp;different connection to consume from another connection's temporary<br>destination.<br><p>This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7.</p><p>Users are recommended to upgrade to version 6.2.7, which fixes the issue.</p>"}],"value":"Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.\n\nApache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary\ndestination.\nThis issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7.\n\nUsers are recommended to upgrade to version 6.2.7, which fixes the issue."}],"metrics":[{"other":{"content":{"text":"important"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T09:48:28.852Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06ys"}],"source":{"discovery":"UNKNOWN"},"title":"Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2026-54475","datePublished":"2026-06-30T09:48:28.852Z","dateReserved":"2026-06-15T16:52:41.340Z","dateUpdated":"2026-06-30T14:52:25.352Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-30 11:16:30","lastModifiedDate":"2026-06-30 15:16:57","problem_types":["CWE-862","CWE-862 CWE-862 Missing Authorization"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T14:52:21.373754Z","id":"CVE-2026-54475","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"54475","Ordinal":"1","Title":"Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Te","CVE":"CVE-2026-54475","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"54475","Ordinal":"1","NoteData":"Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.\n\nApache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary\ndestination.\nThis issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7.\n\nUsers are recommended to upgrade to version 6.2.7, which fixes the issue.","Type":"Description","Title":"Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Te"}]}}}