top of page
  • Petr Pospíšil

CVE-2023-46604: Apache ActiveMQ vulnerable to RCE.

A critical remote code execution (RCE) vulnerability has been found in Apache ActiveMQ, and here are the key details you need to know:

Important Facts

  • Severity: This is a critical vulnerability with a maximum CVSS v3 score of 10.0.

  • Impacted Versions: The flaw affects versions of Apache ActiveMQ and Legacy OpenWire Module including 5.18.x, 5.17.x, 5.16.x, and all versions before 5.15.16.

  • Exploit Details: Attackers can remotely execute arbitrary shell commands by manipulating serialized class types in the OpenWire protocol.

  • Patching and Mitigation: To fix this issue, upgrade your Apache ActiveMQ to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3.



As of now, over 3,000 exposed Apache ActiveMQ servers are at risk. Ensure you take immediate action to safeguard your system against this critical vulnerability.

bottom of page