Memory Allocation Issue in Apache ActiveMQ and Its Variants
CVE-2026-53916
Currently unrated
Key Information:
- Vendor: Apache
- CVE Published: 30 June 2026
What is CVE-2026-53916?
A memory allocation vulnerability exists in Apache ActiveMQ in the handling of header bytes sent by an unauthenticated client over a STOMP NIO connection. The broker accepts excessive header size values and buffers the data without limit, which can ultimately exhaust the Java Virtual Machine (JVM) heap. Users should update to version 6.2.7 or 5.19.8 to mitigate this issue.
Affected Version(s)
Apache ActiveMQ: from 0, before 5.19.8
Apache ActiveMQ: from 6.0.0, before 6.2.7
Apache ActiveMQ All: from 0, before 5.19.8
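A triage check built from the description and the affected ranges above, as an added example (not Apache code): it tests a broker version against the listed ranges and looks for STOMP NIO transport connectors in an `activemq.xml`-style configuration. The function names and the sample configuration are constructed for illustration, and treating any URI scheme that contains both `stomp` and `nio` as a STOMP NIO connector is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges from this page, as (first affected, first fixed) tuples.
AFFECTED = [((0, 0, 0), (5, 19, 8)), ((6, 0, 0), (6, 2, 7))]

# Constructed sample configuration (not from a real deployment).
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="demo">
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
      <transportConnector name="stomp" uri="stomp://0.0.0.0:61613"/>
      <transportConnector name="stomp-nio" uri="stomp+nio://0.0.0.0:61614"/>
    </transportConnectors>
  </broker>
</beans>"""

def parse_version(text):
    """Turn a version string such as '6.2.3' into a comparable 3-part tuple."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = tuple(int(p) for p in m.group().split("."))
    return (parts + (0, 0, 0))[:3]

def version_affected(text):
    """True if the version falls inside one of the ranges listed on the page."""
    v = parse_version(text)
    return any(low <= v < high for low, high in AFFECTED)

def stomp_nio_connectors(xml_text):
    """Return (name, uri) for each connector whose scheme has stomp and nio."""
    hits = []
    for el in ET.fromstring(xml_text).iter():
        # Ignore the XML namespace so the check works with or without it.
        if el.tag.rsplit("}", 1)[-1] != "transportConnector":
            continue
        uri = el.get("uri", "")
        tokens = uri.split(":", 1)[0].lower().split("+")
        if "stomp" in tokens and "nio" in tokens:
            hits.append((el.get("name"), uri))
    return hits

def exposed(version, xml_text):
    """Affected version AND at least one STOMP NIO connector configured."""
    return version_affected(version) and bool(stomp_nio_connectors(xml_text))

if __name__ == "__main__":
    for ver in ("5.19.7", "5.19.8", "6.1.0", "6.2.7"):
        print(ver, "exposed" if exposed(ver, SAMPLE_XML) else "not exposed")
```

A broker that reports "not exposed" only because no STOMP NIO connector is configured is still running an affected version and should be scheduled for the update.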