ROOT-APP-MAVEN-CVE-2026-27446 CVE-2026-27446 in io.root.org.apache.activemq:artemis-server - Patched by Root

Root has patched CVE-2026-27446 in the io.root.org.apache.activemq:artemis-server package for Root:Maven. Multiple fixed versions available...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

Missing Authentication for Critical Function

Overview org.apache.activemq:artemis-server is a server package for the ActiveMQ-Artemis project. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the Core protocol implementation. A malicious broker can force a broker to establish an outbound...

io.fabric8.fab.tests:fab-itests (=1.1.0.Beta3), io.quarkiverse.artemis:quarkus-test-artemis (>=3.12.0 <=3.12.1.CR1) +27 more potentially affected by CVE-2026-27446 via org.apache.artemis:artemis-server (>=2.50.0 <=2.51.0)

org.apache.artemis:artemis-server MAVEN version =2.50.0, =3.12.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.51.0 and more Source cves: CVE-2026-27446 Source advisory: OSV:GHSA-FW88-PF9M-P947...

io.fabric8.fab.tests:fab-itests (=1.1.0.Beta3), io.quarkiverse.artemis:quarkus-test-artemis (>=3.12.0 <=3.12.1.CR1) +27 more potentially affected by CVE-2026-27446 via org.apache.artemis:artemis-server (>=2.50.0 <=2.51.0)

org.apache.artemis:artemis-server MAVEN version =2.50.0, =3.12.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.51.0 and more Source cves: CVE-2026-27446 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-15423959...

Authorization Bypass

org.apache.activemq:artemis-server is vulnerable to Authorization Bypass. The vulnerability is due to improper permission enforcement due to users being able to augment the routing-type of an address without having the necessary createAddress permission, potentially allowing unauthorized message...

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.atomikos:transactions-spring-boot3-integration-tests (>=6.0.0 <=6.0.1) +167 more potentially affected by CVE-2025-27391 via org.apache.activemq:artemis-server (>=1.5.1 <=2.3.0)

org.apache.activemq:artemis-server MAVEN version =1.5.1, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =2018.9.23, =2018.12.15, =2018.9.23, =2018.9.23, =0.0.1, =0.0.2, =1.14.2, =2.0.0, =6u3 and more Source cves: CVE-2025-27391 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-9689864...

Incorrect Authorization

Overview org.apache.activemq:artemis-server is a server package for the ActiveMQ-Artemis project. Affected versions of this package are vulnerable to Incorrect Authorization in the createQueue method in ServerSessionImpl.java, which is invoked by the createDurableQueue and createNonDurableQueue...

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.atomikos:transactions-spring-boot3-integration-tests (>=6.0.0 <=6.0.1) +158 more potentially affected by CVE-2025-27427 via org.apache.activemq:artemis-server (>=2.0.0 <=2.3.0)

org.apache.activemq:artemis-server MAVEN version =2.0.0, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =2018.9.23, =2018.12.15, =2018.9.23, =2018.9.23, =0.0.1, =0.0.2, =1.14.2, =2.0.0, =6u3 and more Source cves: CVE-2025-27427 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-9598037...

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.atomikos:transactions-spring-boot3-integration-tests (>=6.0.0 <=6.0.1) +158 more potentially affected by CVE-2025-27427 via org.apache.activemq:artemis-server (>=2.0.0 <=2.3.0)

org.apache.activemq:artemis-server MAVEN version =2.0.0, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =2018.9.23, =2018.12.15, =2018.9.23, =2018.9.23, =0.0.1, =0.0.2, =1.14.2, =2.0.0, =6u3 and more Source cves: CVE-2025-27427 Source advisory: OSV:GHSA-3W85-5P9G-H334...

PT-2023-9583 · Apache · Apache Activemq Artemis +1

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions prior to 2.29.0 Description: The issue is related to the exposure of diagnostic information and controls through MBeans, which are also accessible through the authenticated Jolokia endpoint. This includes the...

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.hack23.cia:jms.broker (>=2019.9.14 <=2022.7.23) +151 more potentially affected by CVE-2022-35278 via org.apache.activemq:artemis-server (>=1.0.0 <=2.23.1)

org.apache.activemq:artemis-server MAVEN version =1.0.0, =5.0.9, =2019.9.14, =2019.9.14, =2019.9.14, =0.0.2, =1.14.2, =3.5.0, =1.1.4, =1.1.4, =4.2.8, =0.0.7, =0.0.11 and more Source cves: CVE-2022-35278 Source advisory: OSV:GHSA-CV6R-H2FM-PVRP...

Denial Of Service (DoS)

artemis-server is vulnerable to denial of service DoS through memory leaks. Writing a large paged message is not properly handled which causes a wrong way of subtraction of paging store size and global size, resulting in a disclosure of address size...