[Vulnerability Advisory] Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2026-42588)
Published: 2026-06-02
1. Vulnerability Overview

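Apache ActiveMQ is an open-source message middleware developed by the Apache Software Foundation that supports multiple messaging protocols, including JMS, AMQP, MQTT and STOMP. It is used to build highly reliable asynchronous messaging systems that decouple applications and let them communicate asynchronously, and it is widely used in enterprise message queues, distributed systems and microservice architectures.
On June 2, 2026, the mansion88明升 Security Emergency Response Center (VSRC) detected a remote code execution vulnerability in Apache ActiveMQ. The vulnerability stems from insufficient validation of input parameters in the /api/jolokia/ JMX-HTTP bridge interface that the Web Console exposes by default, combined with a default Jolokia access policy that permits exec operations on MBeans under org.apache.activemq:*. An authenticated attacker can craft a malicious masterslave:// discovery URI that causes the brokerConfig parameter of the VM Transport to load a Spring ResourceXmlApplicationContext. Malicious beans are then instantiated, and methods such as Runtime.exec() are executed, before BrokerService completes its configuration validation, resulting in remote code execution inside the broker JVM. After successful exploitation, an attacker can go on to take control of the messaging service, steal business data or move laterally into internal systems.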
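A detection sketch for the request pattern described above, added here as an example and not taken from the advisory or from the ActiveMQ project. It assumes a reverse proxy or WAF logs the JSON bodies of POST requests to /api/jolokia/; the sample bodies, the `PLACEHOLDER_OP` operation name and the `PLACEHOLDER_RESOURCE` value are constructed for illustration.

```python
import json

# Tokens the advisory names as parts of the malicious discovery URI.
SUSPICIOUS_TOKENS = ("masterslave:", "brokerconfig")
MBEAN_PREFIX = "org.apache.activemq:"


def _flatten(value):
    """Yield every string inside a (possibly nested) Jolokia argument value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _flatten(v)
    elif isinstance(value, (list, tuple)):
        for v in value:
            yield from _flatten(v)


def suspicious_requests(body):
    """Return the Jolokia requests in one POST body that match the advisory's pattern."""
    try:
        parsed = json.loads(body)
    except (TypeError, ValueError):
        return []  # not JSON: nothing to classify here
    # Jolokia accepts a single request object or a bulk array of them.
    requests = parsed if isinstance(parsed, list) else [parsed]
    hits = []
    for req in requests:
        if not isinstance(req, dict):
            continue
        if str(req.get("type", "")).lower() != "exec":
            continue
        if not str(req.get("mbean", "")).startswith(MBEAN_PREFIX):
            continue
        text = " ".join(_flatten(req.get("arguments", []))).lower()
        # Require both tokens; switch to any() to widen the net at the cost of noise.
        if all(tok in text for tok in SUSPICIOUS_TOKENS):
            hits.append(req)
    return hits


# Constructed sample bodies (not captured traffic); operation names are placeholders.
SAMPLES = [
    '{"type":"read","mbean":"org.apache.activemq:type=Broker,brokerName=localhost","attribute":"BrokerVersion"}',
    '{"type":"exec","mbean":"org.apache.activemq:type=Broker,brokerName=localhost","operation":"PLACEHOLDER_OP","arguments":["tcp://peer.example:61616"]}',
    '[{"type":"version"},{"type":"exec","mbean":"org.apache.activemq:type=Broker,brokerName=localhost","operation":"PLACEHOLDER_OP","arguments":["masterslave://(vm://x?brokerConfig=PLACEHOLDER_RESOURCE)"]}]',
    'not json',
]
```

Only the exec entry inside the bulk request in the third sample is flagged; the read, the ordinary exec and the non-JSON body are not.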
¶þ¡¢Ó°Ï췶Χ
Apache ActiveMQ Broker < 5.19.7
6.0.0 <= Apache ActiveMQ Broker < 6.2.6
Apache ActiveMQ All < 5.19.7
6.0.0 <= Apache ActiveMQ All < 6.2.6
Apache ActiveMQ < 5.19.7
6.0.0 <= Apache ActiveMQ < 6.2.6
3. Security Measures
3.1 Upgrade
An official patch has been released that fixes this vulnerability.
Apache ActiveMQ Broker >= 5.19.7
Apache ActiveMQ All >= 5.19.7
Apache ActiveMQ >= 5.19.7
Or upgrade to:
Apache ActiveMQ Broker >= 6.2.6
Apache ActiveMQ All >= 6.2.6
Apache ActiveMQ >= 6.2.6
Download link:
https://activemq.apache.org/
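3.2 Temporary Mitigations
None at this time.
3.3 General Recommendations
Apply system patches regularly to reduce system vulnerabilities and improve server security.
Strengthen system and network access controls, adjust firewall policies, close unnecessary application ports or services, and limit the exposure of risky services (such as SSH and RDP) to the public internet to reduce the attack surface.
Use enterprise-grade security products to improve the organization's network security.
Strengthen system user and permission management, enable multi-factor authentication and apply the principle of least privilege; user and software permissions should be kept to the minimum.
Enable a strong password policy and require passwords to be changed periodically.
3.4 References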
https://nvd.nist.gov/vuln/detail/CVE-2026-42588/
https://lists.apache.org/thread/ns0zktfo16s9ql2mmtqtlb6p6xcs45xm

