Cross-site scripting in ActiveMQ - CVE-2026-41043

 


Published: April 28, 2026


Vulnerability identifier: #VU128311
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-41043
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
ActiveMQ
Software vendor:
Apache Foundation

Description

The vulnerability allows a remote user to inject malicious content into the web console.

The vulnerability exists due to cross-site scripting in ActiveMQ Web Console when browsing queues. A remote user can inject HTML into a JMS selector field and override the content type to HTML to inject malicious content into the web console.

The issue is triggered while browsing queues in the web console.
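
As an added illustration (not ActiveMQ source code and not the vendor's fix), the Java example below shows the general pattern described above: a renderer that echoes a selector value and lets the request choose the response content type, next to a hardened form that restricts the content type and escapes the value on output. All class, method and parameter names are hypothetical, and the input is constructed.

```java
import java.util.Map;
import java.util.Set;

// Added illustration, not ActiveMQ source. All names here are hypothetical.
public class SelectorEchoDemo {
    record Response(String contentType, String body) {}

    // Content types the hardened renderer may emit; text/html is deliberately absent.
    private static final Set<String> ALLOWED_TYPES = Set.of("text/xml", "text/plain");

    // Weak: the request chooses the content type and the selector is echoed raw.
    static Response renderWeak(Map<String, String> params) {
        String type = params.getOrDefault("contentType", "text/xml");
        String selector = params.getOrDefault("selector", "");
        return new Response(type, "<messages selector=\"" + selector + "\"/>");
    }

    // Hardened: content type limited to the allowlist, selector escaped on output.
    static Response renderHardened(Map<String, String> params) {
        String requested = params.getOrDefault("contentType", "text/xml");
        String type = ALLOWED_TYPES.contains(requested) ? requested : "text/xml";
        String selector = params.getOrDefault("selector", "");
        return new Response(type, "<messages selector=\"" + escape(selector) + "\"/>");
    }

    // Escapes the five characters that are significant in HTML and XML markup.
    static String escape(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&' -> out.append("&amp;");
                case '<' -> out.append("&lt;");
                case '>' -> out.append("&gt;");
                case '"' -> out.append("&quot;");
                case '\'' -> out.append("&#39;");
                default -> out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input: a harmless marker tag stands in for injected HTML.
        Map<String, String> params = Map.of(
            "contentType", "text/html",
            "selector", "JMSPriority > 4 <b>marker</b>");
        System.out.println("weak:     " + renderWeak(params));
        System.out.println("hardened: " + renderHardened(params));
    }
}
```

The weak renderer returns the marker tag intact under `text/html`; the hardened one falls back to `text/xml` and emits the tag as `&lt;b&gt;marker&lt;/b&gt;`.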


Remediation

Install the security update from the vendor's website.

External links