CVE-2026-33227MEDIUMCVSS 4.3fixed in 5.19.3·≥ 6.0.0, < 6.2.22026-04-07
CVE-2026-33227 [MEDIUM] CWE-22 CVE-2026-33227: Improper validation and restriction of a classpath path name vulnerability in
Apache ActiveMQ Cli
Improper validation and restriction of a classpath path name vulnerability in
Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ.
In two instances (when creating a Stomp consumer and also browsing messages in the Web console) an authenticated user provided "key" value could be constructed to t
cvelistv5nvd