Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

15 matches found

RedhatCVE
RedhatCVEadded yesterday4 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS5.5AI score0.00138EPSS
Exploits0References1
NVD
NVDadded 2026/05/28 1:16 p.m.8 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS0.00138EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/28 12:28 p.m.26 views

CVE-2026-40914 Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

0.00138EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/28 12:28 p.m.10 views

EUVD-2026-32894

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

5.8AI score0.00138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 12:28 p.m.4 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

5.8AI score0.00138EPSS
Exploits0References2Affected Software2
CVE
CVEadded 2026/05/28 12:28 p.m.15 views

CVE-2026-40914

CVE-2026-40914 describes a vulnerability in Apache Artemis (and Apache ActiveMQ Artemis) where a STOMP-authenticated user with either consume or send permission on an address can augment the address routing-type without having createAddress permission for that address. This allows sending or cons...

4.3CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.8 views

PT-2026-44367

Name of the Vulnerable Software and Affected Versions Apache Artemis versions 2.50.0 through 2.53.0 Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0 Description An issue exists where an application using the STOMP Simple Text Oriented Messaging Protocol protocol can augment the routing-type ...

4.3CVSS5.8AI score0.00138EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2026/04/16 3:32 p.m.0 views

Apache Artemis: Apache ActiveMQ Artemis: Apache Artemis and Apache ActiveMQ Artemis: Unauthorized address creation due to incorrect authorization during JMS topic subscription.

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An authenticated user can exploit this incorrect authorization vulnerability by attempting to create a non-durable Java Message Service JMS topic subscription on an address that does not exist. If the user has "createDurableQueue"...

4.3CVSS5.7AI score0.00029EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/03/24 11:54 a.m.4 views

CVE-2026-32642

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An authenticated user can exploit this incorrect authorization vulnerability by attempting to create a non-durable Java Message Service JMS topic subscription on an address that does not exist. If the user has "createDurableQueue"...

4.3CVSS5.7AI score0.00029EPSS
Exploits0References5
Snyk
Snykadded 2026/03/24 9:30 a.m.1 views

Incorrect Authorization

Overview org.apache.activemq:artemis-openwire-protocol is a package for activemq. Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempt...

4.3CVSS5.9AI score0.00029EPSS
Exploits0References2
OSV
OSVadded 2026/03/24 9:30 a.m.1 views

GHSA-F4GC-MWRG-Q36R Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS5.8AI score0.00029EPSS
Exploits0References4
Snyk
Snykadded 2026/03/24 9:30 a.m.0 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempts to create a non-durable JMS topic subscription on a non-existent addres...

4.3CVSS5.9AI score0.00029EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/24 7:53 a.m.2 views

CVE-2026-32642

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS5.8AI score0.00029EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichmentadded 2026/03/24 7:53 a.m.3 views

CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS5.8AI score0.00029EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/03/21 12:0 a.m.3 views

PT-2026-26884

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3CVSS5.8AI score0.00029EPSS
Exploits0References3
Rows per page
Query Builder