PT-2026-34871 · Apache · Apache ActiveMQ Web+1
Khaled Alshammri · Published 2026-04-24 · Updated 2026-05-03
CVE-2026-41043
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache ActiveMQ versions prior to 5.19.6
Apache ActiveMQ versions 6.0.0 through 6.2.4
Apache ActiveMQ Web versions prior to 5.19.6
Apache ActiveMQ Web versions 6.0.0 through 6.2.4
Description
An authenticated attacker can display malicious content when browsing queues in the web console. This is achieved by overriding the content type to HTML instead of XML and injecting HTML into a JMS selector field, leading to Cross-Site Scripting (XSS). XSS occurs when an application includes untrusted data in a web page without proper validation or escaping.
Recommendations
Upgrade to version 5.19.6.
Upgrade to version 6.2.5.
Fix
XSS
Related Identifiers
Affected Products
Apache ActiveMQ
Apache ActiveMQ Web