Cross-Site Scripting Vulnerability in Apache ActiveMQ and ActiveMQ Web
CVE-2026-41043

Currently unrated

Key Information:

Vendor: Apache
Status: Apache ActiveMQ; Apache ActiveMQ Web
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-41043?

A vulnerability in Apache ActiveMQ and Apache ActiveMQ Web allows authenticated attackers to inject malicious HTML content. By compromising the content type to HTML in the web console, attackers can leverage this flaw to display unauthorized content while browsing JMS queues, potentially endangering sensitive data and disrupting service usage. Users are advised to upgrade to versions 6.2.5 or 5.19.6 to mitigate this security issue.

Affected Version(s)

Apache ActiveMQ 0 < 5.19.6

Apache ActiveMQ 6.0.0 < 6.2.5

Apache ActiveMQ Web 0 < 5.19.6

References

https://activemq.apache.org/security-advisories.data/CVE-...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Apr 16, 2026

Credit

Khaled Alshammri

CVE-2026-41043 Data

JSON