[Security Vulnerability Alert] Apache ActiveMQ contains high-risk security vulnerabilities (CVE-2026-40466 and CVE-2026-41044). Please confirm and patch as soon as possible.

Issued by: Digital Services Division, Office of Library and Information Services
Date range: 2026/5/7 ~ 2026/11/7
 

Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202605-00000002

[Content Description]
Researchers have discovered two high-risk security vulnerabilities (CVE-2026-40466 and CVE-2026-41044) in Apache ActiveMQ. The vulnerability types include Improper Input Validation and Code Injection. An authenticated remote attacker can exploit them to make ActiveMQ load a malicious configuration file and thereby execute arbitrary code. Please confirm and patch as soon as possible.

[Affected Platforms]
Apache ActiveMQ Broker versions prior to 5.19.6
Apache ActiveMQ Broker versions 6.0.0 to 6.2.5 (excluding 6.2.5)
Apache ActiveMQ All versions prior to 5.19.6
Apache ActiveMQ All versions 6.0.0 to 6.2.5 (excluding 6.2.5)
Apache ActiveMQ versions prior to 5.19.6
Apache ActiveMQ versions 6.0.0 to 6.2.5 (excluding 6.2.5)
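
As an added example (not part of the original advisory or of Apache's tooling), the following Python script applies the version ranges above to an inventory of file paths to find installations that need the update. The artifact file-name patterns and the sample paths are assumptions constructed for illustration.

```python
import re

# Boundaries taken from the advisory: everything before 5.19.6 is affected,
# and 6.0.0 up to (but not including) 6.2.5 is affected.
FIXED_5X = (5, 19, 6)
AFFECTED_6X = ((6, 0, 0), (6, 2, 5))  # lower bound inclusive, upper exclusive

# Assumption: the listed products appear on disk as activemq-broker-<ver>.jar,
# activemq-all-<ver>.jar, or an apache-activemq-<ver> install directory.
# Qualifiers such as -SNAPSHOT are ignored; review those builds by hand.
ARTIFACT_RE = re.compile(
    r"(?:^|/)(?:apache-)?activemq(?:-(?:broker|all))?-(\d+(?:\.\d+)+)"
)

def parse_version(text):
    """Return a (major, minor, patch) tuple from a dotted version string."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """Apply the advisory's two affected ranges to a version tuple."""
    low, high = AFFECTED_6X
    return version < FIXED_5X or low <= version < high

def triage(paths):
    """Map each path to 'affected', 'not-affected' or 'not-listed'."""
    report = {}
    for path in paths:
        match = ARTIFACT_RE.search(path)
        if match is None:
            report[path] = "not-listed"  # not one of the advisory's products
        elif is_affected(parse_version(match.group(1))):
            report[path] = "affected"
        else:
            report[path] = "not-affected"
    return report

# Constructed sample inventory (for example, output of a file search on hosts).
SAMPLE_PATHS = [
    "/opt/apache-activemq-5.18.3/lib/activemq-broker-5.18.3.jar",
    "/srv/mq/lib/activemq-broker-6.0.0.jar",
    "/srv/mq/lib/activemq-all-6.2.5.jar",
    "/opt/apache-activemq-5.19.6/",
    "/opt/app/lib/activemq-client-5.18.3.jar",
]

if __name__ == "__main__":
    for path, status in triage(SAMPLE_PATHS).items():
        print(f"{status:13} {path}")
```
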

[Recommended Actions]
The vendor has released updates that fix these vulnerabilities. Please refer to the official advisories to update. The URLs are as follows:
https://activemq.apache.org/security-advisories.data/CVE-2026-40466-announcement.txt
https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2026-40466
2. https://nvd.nist.gov/vuln/detail/CVE-2026-41044
3. https://activemq.apache.org/security-advisories.data/CVE-2026-40466-announcement.txt
4. https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt

