CVE-2026-50734 | Memory Allocation with Excessive Size Value vulnerability in…

Description

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes the broker to attempt allocation during pre-auth negotiation which can trigger OOM and crash the broker. This issue affects Apache ActiveMQ Client: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.

Metadata

CVE ID: CVE-2026-50734
State: PUBLISHED
Assigner: apache
Reserved: 2026-06-05 17:01 UTC
Published: 2026-06-30 09:53 UTC
Last updated: 2026-06-30 11:06 UTC
Primary CWE: CWE-789
CWE-789 Memory Allocation with Excessive Size Value
Vendor / Product: Apache Software Foundation / Apache ActiveMQ Client
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (3)

Vendor	Product	Platform	Versions
Apache Software Foundation	Apache ActiveMQ	—	0 < 5.19.8, 6.0.0 < 6.2.7
Apache Software Foundation	Apache ActiveMQ All	—	0 < 5.19.8, 6.0.0 < 6.2.7
Apache Software Foundation	Apache ActiveMQ Client	—	0 < 5.19.8, 6.0.0 < 6.2.7

Weakness (CWE)

CWE	Source	Description
CWE-789	cna	CWE-789 Memory Allocation with Excessive Size Value

References (1)

https://lists.apache.org/thread/nxso951fnvf72qf9m475mpz4yf931xk0