Uncontrolled Memory Allocation in ActiveMQ - CVE-2026-53916
Published: July 1, 2026
ActiveMQ
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to memory allocation with an excessive size value in the STOMP NIO codec when it handles header bytes on a STOMP NIO connection. A remote attacker can send header bytes that never terminate to cause a denial of service.
The issue can exhaust the JVM heap.
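Header bytes that never terminate only exhaust memory if the decoder keeps buffering them while it waits for the end of the header block. The Java sketch below is an added example, not ActiveMQ's code or its fix: a hypothetical `BoundedHeaderAccumulator` that collects STOMP header bytes across NIO reads and rejects the connection's input once an assumed size cap is reached. The class name, the limits and the sample inputs are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
/** Hypothetical sketch, not ActiveMQ code: buffers STOMP command and header bytes across reads. */
public class BoundedHeaderAccumulator {
    private final int maxHeaderBytes;          // assumed limit, chosen by the operator
    private final ByteArrayOutputStream pending = new ByteArrayOutputStream();
    private int previous = -1;                 // last stored byte, -1 at start of a frame

    public BoundedHeaderAccumulator(int maxHeaderBytes) {
        this.maxHeaderBytes = maxHeaderBytes;
    }

    /** Consumes one read chunk; returns the header block once the blank line arrives, else null. */
    public String feed(ByteBuffer chunk) throws IOException {
        while (chunk.hasRemaining()) {
            byte b = chunk.get();
            if (b == '\r') continue;           // STOMP 1.2 permits CRLF line endings
            if (b == '\n' && previous == '\n') {
                String headers = new String(pending.toByteArray(), StandardCharsets.UTF_8);
                pending.reset();
                previous = -1;
                return headers;                // chunk is now positioned at the frame body
            }
            // Check before storing, so growth stops at the cap whatever the peer sends.
            if (pending.size() >= maxHeaderBytes) {
                throw new IOException("STOMP header block exceeds " + maxHeaderBytes + " bytes");
            }
            pending.write(b);
            previous = b;
        }
        return null;                           // terminator not seen yet; wait for the next read
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a complete header block split across two reads.
        BoundedHeaderAccumulator ok = new BoundedHeaderAccumulator(1024);
        ok.feed(ByteBuffer.wrap("SEND\ndestination:/que".getBytes(StandardCharsets.UTF_8)));
        System.out.println(ok.feed(ByteBuffer.wrap("ue/a\n\nbody".getBytes(StandardCharsets.UTF_8))));
        // Constructed input: header lines with no terminating blank line; the cap ends the loop.
        BoundedHeaderAccumulator capped = new BoundedHeaderAccumulator(64);
        try {
            for (int i = 0; i < 1000; i++) capped.feed(ByteBuffer.wrap(new byte[] {'x', ':', 'y', '\n'}));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On the exception, a caller would close the connection and discard the accumulator, so the partially buffered header is released rather than retained per connection.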