Uncontrolled Memory Allocation in ActiveMQ - CVE-2026-50734
Published: July 1, 2026
ActiveMQ
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to memory allocation with excessive size value in OpenWire wire format negotiation when processing a WireFormatInfo frame during pre-authentication negotiation. A remote attacker can send a crafted WireFormatInfo frame with a malicious large size value to cause a denial of service.
The issue can trigger out-of-memory conditions and crash the broker.