CVE-2026-50750 | Denial of Service via Out of Memory vulnerability in Apache …

Description

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker will crash with OOM. This issue affects Apache ActiveMQ Broker: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7; Apache ActiveMQ All: from 5.19.7 before 5.19.8, from 6.2.6 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue.

Metadata

CVE ID: CVE-2026-50750
State: PUBLISHED
Assigner: apache
Reserved: 2026-06-06 19:20 UTC
Published: 2026-06-30 09:51 UTC
Last updated: 2026-06-30 09:51 UTC
Vendor / Product: Apache Software Foundation / Apache ActiveMQ Broker
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (3)

Vendor	Product	Platform	Versions
Apache Software Foundation	Apache ActiveMQ	—	5.19.7 < 5.19.8, 6.2.6 < 6.2.7
Apache Software Foundation	Apache ActiveMQ All	—	5.19.7 < 5.19.8, 6.2.6 < 6.2.7
Apache Software Foundation	Apache ActiveMQ Broker	—	5.19.7 < 5.19.8, 6.2.6 < 6.2.7

Weakness (CWE)

CWE	Source	Description
—	cna	Denial of Service via Out of Memory

References (1)

https://lists.apache.org/thread/nhkmbdym61yp6wwy0dny8w1p46sm87kr