Input validation error in ActiveMQ - CVE-2026-49432
Published: July 1, 2026
ActiveMQ
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the STOMP connector when processing STOMP frames with a negative content-length. A remote attacker can send a specially crafted STOMP frame to cause a denial of service.
For the NIO STOMP transport, exploitation can grow the per-connection command buffer beyond configured limits and lead to out-of-memory conditions. For the blocking STOMP protocol, exploitation triggers abnormal transport exception handling for the affected connection, which is then closed.
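The missing check described above can be illustrated with a strict content-length validator that runs before any body bytes are buffered. This is an added example, not ActiveMQ code or the vendor's fix; the function names, the MAX_BODY limit and the sample frames are assumptions made for the illustration.

```python
import re

MAX_BODY = 1024 * 1024  # assumed per-frame body cap for this example, not an ActiveMQ setting


def declared_body_length(head: bytes, max_body: int = MAX_BODY):
    """Return the validated content-length from a header block, or None if absent."""
    lines = head.replace(b"\r\n", b"\n").split(b"\n")
    for line in lines[1:]:  # lines[0] is the command, e.g. SEND
        name, sep, value = line.partition(b":")
        if not sep or name != b"content-length":
            continue
        text = value.strip()
        # bytes.isdigit() is False for '-', '+', blanks and empty values, so a
        # negative length never reaches int() or any buffer-size arithmetic.
        if not text.isdigit() or len(text) > 10:
            raise ValueError(f"malformed content-length: {text!r}")
        length = int(text)
        if length > max_body:
            raise ValueError(f"content-length {length} exceeds limit {max_body}")
        return length  # STOMP 1.2: the first occurrence of a repeated header is used
    return None


def check_frame(raw: bytes, max_body: int = MAX_BODY) -> str:
    """Classify one complete raw frame as 'accept' or 'reject: <reason>'."""
    end = re.search(rb"\r?\n\r?\n", raw)
    if end is None:
        return "reject: no header terminator"
    try:
        length = declared_body_length(raw[:end.start()], max_body)
    except ValueError as exc:
        return f"reject: {exc}"
    body = raw[end.end():]
    if length is None:  # no declared length: the body runs to the first NUL
        ok = b"\x00" in body[:max_body + 1]
        return "accept" if ok else "reject: body not NUL-terminated within limit"
    if body[length:length + 1] != b"\x00":
        return "reject: body does not match content-length"
    return "accept"


# Constructed sample frames (not captured traffic).
SAMPLES = {
    "valid": b"SEND\ndestination:/queue/a\ncontent-length:5\n\nhello\x00",
    "negative": b"SEND\ndestination:/queue/a\ncontent-length:-1\n\nhello\x00",
}
```

Calling check_frame on each entry of SAMPLES accepts the first frame and rejects the second before its body is read, which is the point at which a parser has to refuse the frame to keep its buffer bounded.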