CVE-2026-40046: CWE-190 Integer Overflow or Wraparound in Apache Software Foundation Apache ActiveMQ
An integer overflow or wraparound vulnerability exists in Apache ActiveMQ versions 6. 0. 0 up to but not including 6. 2. 4, including Apache ActiveMQ All and Apache ActiveMQ MQTT. This issue stems from a missed fix in versions 6. 0. 0 and later for a previously addressed vulnerability in version 5. 19. 2 and above.
AI Analysis
Technical Summary
CVE-2026-40046 is an integer overflow or wraparound vulnerability affecting Apache ActiveMQ versions starting from 6.0.0 before 6.2.4, including Apache ActiveMQ All and Apache ActiveMQ MQTT. The vulnerability relates to improper validation of the MQTT control packet remaining length field, a fix for which was applied only to the 5.19.2 and later 5.19.x releases but was missed in the 6.0.0+ versions. This oversight allows the vulnerability to persist in these later versions until fixed in 6.2.4.
Potential Impact
The vulnerability could potentially allow issues related to integer overflow or wraparound in the MQTT control packet processing within affected Apache ActiveMQ versions. The exact impact is not detailed in the provided data, and no known exploits in the wild have been reported. However, integer overflow vulnerabilities can lead to unexpected behavior, including crashes or potential security bypasses depending on context.
Mitigation Recommendations
Users should upgrade Apache ActiveMQ to version 6.2.4 or to a 5.19.x version starting with 5.19.2 or later (currently 5.19.5) where the issue has been fixed. Patch status is confirmed by the vendor advisory indicating these versions contain the fix. No other mitigation steps are specified.
CVE-2026-40046: CWE-190 Integer Overflow or Wraparound in Apache Software Foundation Apache ActiveMQ
Description
An integer overflow or wraparound vulnerability exists in Apache ActiveMQ versions 6. 0. 0 up to but not including 6. 2. 4, including Apache ActiveMQ All and Apache ActiveMQ MQTT. This issue stems from a missed fix in versions 6. 0. 0 and later for a previously addressed vulnerability in version 5. 19. 2 and above.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-40046 is an integer overflow or wraparound vulnerability affecting Apache ActiveMQ versions starting from 6.0.0 before 6.2.4, including Apache ActiveMQ All and Apache ActiveMQ MQTT. The vulnerability relates to improper validation of the MQTT control packet remaining length field, a fix for which was applied only to the 5.19.2 and later 5.19.x releases but was missed in the 6.0.0+ versions. This oversight allows the vulnerability to persist in these later versions until fixed in 6.2.4.
Potential Impact
The vulnerability could potentially allow issues related to integer overflow or wraparound in the MQTT control packet processing within affected Apache ActiveMQ versions. The exact impact is not detailed in the provided data, and no known exploits in the wild have been reported. However, integer overflow vulnerabilities can lead to unexpected behavior, including crashes or potential security bypasses depending on context.
Mitigation Recommendations
Users should upgrade Apache ActiveMQ to version 6.2.4 or to a 5.19.x version starting with 5.19.2 or later (currently 5.19.5) where the issue has been fixed. Patch status is confirmed by the vendor advisory indicating these versions contain the fix. No other mitigation steps are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2026-04-08T15:21:53.253Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d7d5661cc7ad14daeeafc1
Added to database: 4/9/2026, 4:35:50 PM
Last enriched: 4/9/2026, 4:51:00 PM
Last updated: 4/9/2026, 6:15:22 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.