PT-2026-27354 · Knime+1 · Knime Business Hub+1
Published: 2026-03-24 · Updated: 2026-03-24
CVE-2026-4649
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber
Name of the Vulnerable Software and Affected Versions
Apache Artemis versions prior to 2.52.0
KNIME Business Hub (affected versions not specified)
Description
An authentication bypass flaw exists in Apache Artemis, potentially allowing unauthorized access to messages exchanged through the broker and the injection of new messages. This issue impacts KNIME Business Hub as it utilizes Apache Artemis. Exploitation requires at least normal user privileges and the ability to execute workflows within an executor. An attacker with these privileges can register a federated mirror without authentication, enabling them to read internal messages and inject new ones.
Recommendations
Update Apache Artemis to version 2.52.0 or later.
Update KNIME Business Hub to version 1.18.0, 1.17.4, or 1.16.3.
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Apache Artemis
Knime Business Hub