CVE-2026-40914
- EPSS 0.37%
- Veröffentlicht 28.05.2026 12:28:25
- Zuletzt bearbeitet 15.06.2026 13:03:40
A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user...
CVE-2026-32642
- EPSS 0.47%
- Veröffentlicht 24.03.2026 08:16:01
- Zuletzt bearbeitet 15.06.2026 13:03:40
Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authent...
CVE-2026-27446
- EPSS 10.63%
- Veröffentlicht 04.03.2026 08:48:48
- Zuletzt bearbeitet 30.06.2026 03:17:55
Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection...
CVE-2025-58712
- EPSS 0.19%
- Veröffentlicht 22.10.2025 18:19:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands with...
CVE-2025-27391
- EPSS 0.36%
- Veröffentlicht 09.04.2025 15:16:02
- Zuletzt bearbeitet 15.06.2026 13:03:40
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. ...
CVE-2025-27427
- EPSS 0.58%
- Veröffentlicht 01.04.2025 08:15:13
- Zuletzt bearbeitet 15.06.2026 13:03:40
A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress per...