Missing Authorization in ActiveMQ - CVE-2026-54475
Published: July 1, 2026
ActiveMQ
Detailed vulnerability description
The vulnerability allows a remote user to consume messages from another connection's temporary destination.
The vulnerability exists due to improper access control in temporary destination ownership enforcement when handling access to temporary destinations. A remote user can use a different connection to consume from another connection's temporary destination to consume messages from another connection's temporary destination.
The isolation of temporary destinations is only checked in the client.