ROOT-APP-MAVEN-CVE-2025-27427 CVE-2025-27427 in io.root.org.apache.activemq:artemis-server - Patched by Root

Root has patched CVE-2025-27427 in the io.root.org.apache.activemq:artemis-server package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-27446 CVE-2026-27446 in io.root.org.apache.activemq:artemis-server - Patched by Root

Root has patched CVE-2026-27446 in the io.root.org.apache.activemq:artemis-server package for Root:Maven. Multiple fixed versions available...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

Missing Authentication for Critical Function

Overview org.apache.activemq:artemis-server is a server package for the ActiveMQ-Artemis project. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Core protocol implementation. A malicious broker can force a broker to establish an outbound...

io.quarkiverse.artemis:quarkus-test-artemis (>=3.12.0 <=3.12.1.CR1), org.apache.artemis:apache-artemis (>=2.50.0 <=2.51.0) +26 more potentially affected by CVE-2026-27446 via org.apache.artemis:artemis-server (>=2.50.0 <=2.51.0)

org.apache.artemis:artemis-server MAVEN version =2.50.0, =3.12.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.51.0 and more Source cves: CVE-2026-27446 Source advisory: OSV:GHSA-FW88-PF9M-P947...

io.quarkiverse.artemis:quarkus-test-artemis (>=3.12.0 <=3.12.1.CR1), org.apache.artemis:apache-artemis (>=2.50.0 <=2.51.0) +26 more potentially affected by CVE-2026-27446 via org.apache.artemis:artemis-server (>=2.50.0 <=2.51.0)

org.apache.artemis:artemis-server MAVEN version =2.50.0, =3.12.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.51.0 and more Source cves: CVE-2026-27446 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-15423959...

Authorization Bypass

org.apache.activemq:artemis-server is vulnerable to Authorization Bypass. The vulnerability is due to improper permission enforcement due to users being able to augment the routing-type of an address without having the necessary createAddress permission, potentially allowing unauthorized message...

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.atomikos:transactions-spring-boot3-integration-tests (>=6.0.0 <=6.0.1) +167 more potentially affected by CVE-2025-27391 via org.apache.activemq:artemis-server (>=1.5.1 <=2.3.0)

org.apache.activemq:artemis-server MAVEN version =1.5.1, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =2018.9.23, =2018.12.15, =2018.9.23, =2018.9.23, =0.0.1, =0.0.2, =1.14.2, =2.0.0, =6u3 and more Source cves: CVE-2025-27391 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-9689864...

Incorrect Authorization

Overview org.apache.activemq:artemis-server is a server package for the ActiveMQ-Artemis project. Affected versions of this package are vulnerable to Incorrect Authorization in the createQueue method in ServerSessionImpl.java, which is invoked by the createDurableQueue and createNonDurableQueue...

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.atomikos:transactions-spring-boot3-integration-tests (>=6.0.0 <=6.0.1) +158 more potentially affected by CVE-2025-27427 via org.apache.activemq:artemis-server (>=2.0.0 <=2.3.0)

org.apache.activemq:artemis-server MAVEN version =2.0.0, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =2018.9.23, =2018.12.15, =2018.9.23, =2018.9.23, =0.0.1, =0.0.2, =1.14.2, =2.0.0, =6u3 and more Source cves: CVE-2025-27427 Source advisory: OSV:GHSA-3W85-5P9G-H334...

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.atomikos:transactions-spring-boot3-integration-tests (>=6.0.0 <=6.0.1) +158 more potentially affected by CVE-2025-27427 via org.apache.activemq:artemis-server (>=2.0.0 <=2.3.0)

org.apache.activemq:artemis-server MAVEN version =2.0.0, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =2018.9.23, =2018.12.15, =2018.9.23, =2018.9.23, =0.0.1, =0.0.2, =1.14.2, =2.0.0, =6u3 and more Source cves: CVE-2025-27427 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-9598037...

PT-2023-9583

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Artemis versions prior to 2.29.0 Description The issue is related to the exposure of diagnostic information and controls through MBeans, which are also accessible through the authenticated Jolokia endpoint. This includes the...

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.hack23.cia:jms.broker (>=2019.9.14 <=2022.7.23) +151 more potentially affected by CVE-2022-35278 via org.apache.activemq:artemis-server (>=1.0.0 <=2.23.1)

org.apache.activemq:artemis-server MAVEN version =1.0.0, =5.0.9, =2019.9.14, =2019.9.14, =2019.9.14, =0.0.2, =1.14.2, =3.5.0, =1.1.4, =1.1.4, =4.2.8, =0.0.7, =0.0.11 and more Source cves: CVE-2022-35278 Source advisory: OSV:GHSA-CV6R-H2FM-PVRP...

Denial Of Service (DoS)

artemis-server is vulnerable to denial of service DoS through memory leaks. Writing a large paged message is not properly handled which causes a wrong way of subtraction of paging store size and global size, resulting in a disclosure of address size...