PT-2026-44367 · Apache · Apache ActiveMQ Artemis, Apache Artemis
Bugbunny.Ai · Published 2026-05-28 · Updated 2026-05-29 · CVE-2026-40914
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache Artemis versions 2.50.0 through 2.53.0
Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0
Description
An issue exists where an application using STOMP (Simple Text Oriented Messaging Protocol) can augment the routing-type of an address. This occurs when security credentials grant either consume or send permissions on an address, allowing the user to perform these operations with a routing-type not supported by the address, even without the createAddress permission. Normally, such operations should be rejected if the user lacks the permission to change the routing-type.
Recommendations
Upgrade Apache Artemis to version 2.54.0.
Upgrade Apache ActiveMQ Artemis to version 2.54.0.
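To gauge exposure before the upgrade is rolled out, the following added example (not part of the advisory or of the Artemis project) audits a broker.xml for the two conditions the description names: an acceptor that accepts STOMP, and roles that hold send or consume on an address match without createAddress. The function names and the sample configuration are constructed for illustration, and the script assumes that an acceptor with no protocols parameter accepts every protocol.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample broker.xml fragment (not taken from the advisory).
SAMPLE = """<configuration xmlns="urn:activemq"><core xmlns="urn:activemq:core">
  <acceptors>
    <acceptor name="artemis">tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;protocols=CORE,AMQP,STOMP</acceptor>
    <acceptor name="amqp">tcp://0.0.0.0:5672?protocols=AMQP</acceptor>
    <acceptor name="legacy">tcp://0.0.0.0:5445</acceptor>
  </acceptors>
  <security-settings>
    <security-setting match="orders.#">
      <permission type="createAddress" roles="admin"/>
      <permission type="send" roles="admin,producers"/>
      <permission type="consume" roles="admin, consumers"/>
    </security-setting>
    <security-setting match="audit.#">
      <permission type="createAddress" roles="admin"/>
      <permission type="send" roles="admin"/>
    </security-setting>
  </security-settings>
</core></configuration>"""

def _elements(root, name):
    """Yield elements by local name, ignoring the XML namespace."""
    return (el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name)

def stomp_acceptors(root):
    """Acceptors that accept STOMP. Assumption: no protocols= means all protocols."""
    found = []
    for acc in _elements(root, "acceptor"):
        query = (acc.text or "").partition("?")[2]
        protos = re.search(r"(?:^|[;&])protocols=([^;&]*)", query)
        if protos is None or "STOMP" in protos.group(1).upper().split(","):
            found.append(acc.get("name"))
    return found

def roles_without_create_address(root):
    """Per address match: roles with send or consume but not createAddress."""
    result = {}
    for setting in _elements(root, "security-setting"):
        perms = {}
        for p in _elements(setting, "permission"):
            roles = {r.strip() for r in p.get("roles", "").split(",") if r.strip()}
            perms.setdefault(p.get("type"), set()).update(roles)
        exposed = (perms.get("send", set()) | perms.get("consume", set())) - perms.get("createAddress", set())
        if exposed:
            result[setting.get("match")] = sorted(exposed)
    return result

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    print(stomp_acceptors(root), roles_without_create_address(root))
```

On an affected version, any role this reports on a broker with a STOMP-capable acceptor is one for which the createAddress restriction on routing-type is not enforced.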
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Apache ActiveMQ Artemis
Apache Artemis