435 matches found
CVE-2026-41001
A flaw was found in Spring Boot. The ArtemisEmbeddedConfigurationFactory component uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can exploit this by pre-creating this predictable directory ...
K000162017: Apache Artemis vulnerability CVE-2026-27446
Security Advisory Description Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an...
ROOT-APP-MAVEN-CVE-2025-27427 CVE-2025-27427 in io.root.org.apache.activemq:artemis-server - Patched by Root
Root has patched CVE-2025-27427 in the io.root.org.apache.activemq:artemis-server package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-27446 CVE-2026-27446 in io.root.org.apache.activemq:artemis-server - Patched by Root
Root has patched CVE-2026-27446 in the io.root.org.apache.activemq:artemis-server package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-27391 CVE-2025-27391 in io.root.org.apache.activemq:artemis-project - Patched by Root
Root has patched CVE-2025-27391 in the io.root.org.apache.activemq:artemis-project package for Root:Maven. Multiple fixed versions available...
CVE-2026-41001
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...
CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...
EUVD-2026-36211
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...
CVE-2026-41001
CVE-2026-41001 affects Spring Boot’s ArtemisEmbeddedConfigurationFactory, which uses a fixed, static path for the embedded Artemis broker data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before appli...
CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...
PT-2026-48624
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...
VMware Spring Boot 安全漏洞
VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, 3.4.0 to 3.4.16, 3.3.0 to 3.3.19, and 2.7.0 to 2.7.33 of VMware Spring Boot. These vulnerabilities stem from the use of fixed...
cve-2026-41001 - MEDIUM - Predictable Temp Directory in Artemis Auto-configuration
cve-2026-41001 - MEDIUM - Predictable Temp Directory in Artemis Auto-configuration...
Insecure Temporary File
Overview Affected versions of this package are vulnerable to Insecure Temporary File via the default data directory configuration in ArtemisEmbeddedConfigurationFactory. A local attacker can tamper with or redirect the embedded Artemis broker's data storage by pre-creating the predictable data...
CVE-2026-40914
A flaw was found in Apache ActiveMQ Artemis. An authenticated user, with existing permissions to send or consume messages via the STOMP protocol, could bypass intended access controls. This vulnerability allows the user to modify the routing-type of an address, even without the necessary...
Apache Artemis 2.0.0 < 2.54.0 Incorrect Authorization (CVE-2026-40914)
The version of Apache Artemis formerly Apache ActiveMQ Artemis installed on the remote host is affected by a vulnerability: - A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an...
GHSA-RF99-F9J2-GV3F Apache Artemis has an Incorrect Authorization issue
A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...
com.io7m.jsay:com.io7m.jsay (>=0.0.2 <=1.0.0), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +6 more potentially affected by CVE-2026-40914 via org.apache.activemq:artemis-stomp-protocol (>=2.0.0 <=2.4.0)
org.apache.activemq:artemis-stomp-protocol MAVEN version =2.0.0, =0.0.2, =1.14.2, =4.2.8, =2.0.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17116517...
org.apache.artemis:apache-artemis (>=2.50.0 <=2.53.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.53.0) +1 more potentially affected by CVE-2026-40914 via org.apache.artemis:artemis-stomp-protocol (>=2.50.0 <=2.53.0)
org.apache.artemis:artemis-stomp-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.53.0 Source cves: CVE-2026-40914 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-17116516...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the updateAddressInfo and createAddress methods. A user with consume or send permssions can modify the routing-type of an address - e.g. from ANYCAST to MULTICAST. Remediation Upgrade...