Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate, causing the broker to buffer them without limit and exhaust the JVM heap. This issue affects Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ Stomp: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-53916 is a memory allocation vulnerability in Apache ActiveMQ's STOMP protocol implementation: unauthenticated clients can send indefinitely long header bytes that the broker buffers without limit, progressively exhausting the JVM heap and causing a denial of service. It affects ActiveMQ versions before 5.19.8 and 6.0.0 through 6.2.6, so any organization running these versions is exposed to remote, unauthenticated attack. Because no authentication is required, any network-adjacent attacker with connectivity to the STOMP port can trigger it, making it a critical availability risk for message broker infrastructure.
While this CVE does not map directly to an established MITRE ATT&CK technique, Casky's AI-driven analysis would detect the attack patterns associated with resource exhaustion and protocol abuse. Practitioners using Casky would identify reconnaissance indicators (connection attempts to standard STOMP ports), followed by anomalous header transmission: progressively larger or never-terminating header payloads. The extended reasoning capabilities would correlate these observations with CWE-789 (Memory Allocation with Excessive Size Value), helping security teams recognize the characteristic signature of unbounded buffering. Detection rules would flag unusual STOMP session behavior, specifically clients that open connections but never complete the protocol handshake while transmitting excessive header data, enabling intervention before heap exhaustion becomes critical.
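The failure mode described above, shown from the broker side as an added example that is not ActiveMQ's own code: a minimal hypothetical STOMP header reader in Python that, with the cap disabled, reproduces the unbounded buffering, and with the cap enabled rejects a client whose headers never reach the blank-line terminator. The 8 KiB cap, the class and function names, and the sample byte streams are constructed assumptions, not values from the advisory.

```python
from typing import Iterable, Optional

HEADER_END = b"\n\n"          # STOMP: command line and headers end at a blank line
MAX_HEADER_BYTES = 8 * 1024   # assumed cap for this example, not a value from the advisory


class HeaderTooLarge(Exception):
    """Client sent more header bytes than the cap without ever terminating them."""


class StompHeaderReader:
    """Accumulates NIO-style chunks until a complete header block has arrived.
    enforce_limit=False reproduces the unbounded behaviour the advisory describes."""

    def __init__(self, enforce_limit: bool = True, limit: int = MAX_HEADER_BYTES):
        self.buf = bytearray()
        self.enforce_limit = enforce_limit
        self.limit = limit

    def feed(self, chunk: bytes) -> Optional[dict]:
        self.buf.extend(chunk)
        end = self.buf.find(HEADER_END)
        seen = len(self.buf) if end == -1 else end   # bytes that belong to the header block
        if self.enforce_limit and seen > self.limit:
            # A hardened reader stops here instead of growing the buffer forever.
            raise HeaderTooLarge(f"{seen} header bytes exceed the {self.limit}-byte cap")
        if end == -1:
            return None  # terminator not seen yet; wait for more NIO data
        lines = bytes(self.buf[:end]).split(b"\n")
        headers = {}
        for line in lines[1:]:
            key, _, value = line.partition(b":")
            headers.setdefault(key.decode(), value.decode())  # STOMP keeps the first value
        return {"command": lines[0].decode(), "headers": headers}


def drain(reader: StompHeaderReader, chunks: Iterable[bytes]):
    """Feed chunks until a frame parses or the reader rejects; return (frame, bytes buffered)."""
    for chunk in chunks:
        frame = reader.feed(chunk)
        if frame is not None:
            return frame, len(reader.buf)
    return None, len(reader.buf)


# Constructed sample streams: a well-formed CONNECT frame, and a client that keeps
# sending header bytes (1030 per chunk) that never reach the blank-line terminator.
GOOD_STREAM = [b"CONNECT\naccept-version:1.2\n", b"host:broker\n\n"]


def endless_header_stream(chunks: int) -> Iterable[bytes]:
    return (b"x-pad:" + b"A" * 1024 for _ in range(chunks))
```

With the cap disabled the reader retains every byte the client sends; with it enabled the connection is rejected after the eighth chunk, well before the heap is at risk.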
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro.
Casky has 0 skills that investigate the attack patterns behind CVE-2026-53916. Run one and get CVSS-scored findings in 3 minutes.
© 2026 Casky.AI, Inc. · AI Security Investigation