CVE-2023-33246: Critical RCE Vulnerability in Apache RocketMQ


Summary

On May 23, 2023, Apache patched a critical-severity remote code execution (RCE) vulnerability in Apache RocketMQ. Several components of RocketMQ, including the NameServer, Broker, and Controller, are exposed to the Internet and do not have permission verification. A threat actor could exploit CVE-2023-33246 by forging the RocketMQ protocol content or using the update configuration function to execute commands as the system user that RocketMQ is running as.

Multiple threat actors have actively exploited this vulnerability since at least June 2023 to obtain initial access and deploy DreamBus, a Linux-based botnet. Shortly after, CISA added the vulnerability to its Known Exploited Vulnerabilities catalog.

Recommendations for CVE-2023-33246

Upgrade to a Patched Version of RocketMQ

Arctic Wolf strongly recommends upgrading to a patched version of RocketMQ.

| Product | Vulnerable Version | Fixed Version |
| --- | --- | --- |
| Apache RocketMQ | RocketMQ through 5.1.0 | 5.1.1 or above |
| Apache RocketMQ | RocketMQ through 4.9.5 | 4.9.6 or above |

Please follow your organization’s patching and testing guidelines to avoid operational impact.
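To find hosts that still need the upgrade, the version table above can be turned into an inventory check. The following is an added example, not code from Arctic Wolf or the Apache RocketMQ project; it assumes RocketMQ jars are named `<artifact>-<version>.jar`, and the function names and sample jar names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# First fixed release on each branch, from the advisory's version table.
FIXED_4X = (4, 9, 6)
FIXED_5X = (5, 1, 1)

# Assumption: jars are named <artifact>-<version>.jar, e.g. rocketmq-broker-5.1.0.jar
JAR_VERSION = re.compile(r"-(\d+\.\d+\.\d+[^/]*)\.jar$")


def classify(version):
    """Return 'vulnerable', 'fixed', or 'review' for a RocketMQ version string."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(.*)$", version.strip())
    if not m:
        return "review"  # unparseable: a human has to look
    v = tuple(int(part) for part in m.groups()[:3])
    # 5.x and later are measured against 5.1.1, everything older against 4.9.6.
    fixed = FIXED_5X if v[0] >= 5 else FIXED_4X
    if v < fixed:
        return "vulnerable"
    if v == fixed and m.group(4):
        return "review"  # e.g. 5.1.1-SNAPSHOT may predate the patch
    return "fixed"


def scan(lib_dir):
    """Map each rocketmq-*.jar directly in lib_dir to its classification."""
    findings = {}
    for jar in sorted(Path(lib_dir).glob("rocketmq-*.jar")):
        m = JAR_VERSION.search(jar.name)
        findings[jar.name] = classify(m.group(1)) if m else "review"
    return findings


def demo():
    """Run scan() over constructed jar names in a temporary directory."""
    names = ["rocketmq-broker-5.1.0.jar", "rocketmq-namesrv-4.9.6.jar",
             "rocketmq-controller-5.1.1-SNAPSHOT.jar", "rocketmq-tools.jar"]
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            (Path(tmp) / name).touch()
        return scan(tmp)


if __name__ == "__main__":
    for jar, status in demo().items():
        print(f"{status:10} {jar}")
```

Point `scan()` at the `lib` directory of each RocketMQ installation; anything reported as `review` has no usable version in its file name and needs a manual check.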


Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.