Cross-Site Scripting Vulnerability in Apache ActiveMQ and ActiveMQ Web
CVE-2026-41043

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache ActiveMQ; Apache ActiveMQ Web
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-41043?

A vulnerability in Apache ActiveMQ and Apache ActiveMQ Web allows authenticated attackers to inject malicious HTML content. By compromising the content type to HTML in the web console, attackers can leverage this flaw to display unauthorized content while browsing JMS queues, potentially endangering sensitive data and disrupting service usage. Users are advised to upgrade to versions 6.2.5 or 5.19.6 to mitigate this security issue.

Affected Version(s)

Apache ActiveMQ 0 < 5.19.6

Apache ActiveMQ 6.0.0 < 6.2.5

Apache ActiveMQ Web 0 < 5.19.6

References

https://activemq.apache.org/security-advisories.data/CVE-...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Apr 16, 2026

Credit

Khaled Alshammri

CVE-2026-41043 Data

JSON