57 matches found
CVE-2026-50734
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, and Apache ActiveMQ All allows an unauthenticated network attacker to cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The broker may allocate memor...
CVE-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...
CVE-2026-53917
CVE-2026-53917 describes an unbounded memory allocation vulnerability in OpenWire property unmarshalling in Apache ActiveMQ and related builds. An authenticated user can send a crafted OpenWire Message with a very large encoded size value for a message property map, causing OpenWire maps to be un...
Linux Distros Unpatched Vulnerability : CVE-2026-32642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to crea...
org.apache.artemis:apache-artemis (>=2.50.0 <=2.52.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.52.0) +1 more potentially affected by CVE-2026-32642 via org.apache.artemis:artemis-openwire-protocol (>=2.50.0 <=2.52.0)
org.apache.artemis:artemis-openwire-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.52.0 Source cves: CVE-2026-32642 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-15791525...
com.io7m.jsay:com.io7m.jsay (=0.0.2), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +5 more potentially affected by CVE-2026-32642 via org.apache.activemq:artemis-openwire-protocol (>=2.0.0 <=2.4.0)
org.apache.activemq:artemis-openwire-protocol MAVEN version =2.0.0, =1.14.2, =0.1.0, =0.1.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-32642 Source advisory: OSV:GHSA-F4GC-MWRG-Q36R...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempts to create a non-durable JMS topic subscription on a non-existent addres...
Incorrect Authorization
Overview org.apache.activemq:artemis-openwire-protocol is a package for activemq. Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempt...
com.io7m.jsay:com.io7m.jsay (=0.0.2), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +5 more potentially affected by CVE-2026-32642 via org.apache.activemq:artemis-openwire-protocol (>=2.0.0 <=2.4.0)
org.apache.activemq:artemis-openwire-protocol MAVEN version =2.0.0, =1.14.2, =0.1.0, =0.1.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-32642 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15791526...
org.apache.artemis:apache-artemis (>=2.50.0 <=2.52.0), org.apache.artemis:artemis-features (>=2.50.0 <=2.52.0) +1 more potentially affected by CVE-2026-32642 via org.apache.artemis:artemis-openwire-protocol (>=2.50.0 <=2.52.0)
org.apache.artemis:artemis-openwire-protocol MAVEN version =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.52.0 Source cves: CVE-2026-32642 Source advisory: OSV:GHSA-F4GC-MWRG-Q36R...
GHSA-F4GC-MWRG-Q36R Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
UBUNTU-CVE-2026-32642
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642
CVE-2026-32642 is an authorization bypass in Apache Artemis/ActiveMQ Artemis OpenWire handling: when an authenticated user with createDurableQueue but without createAddress attempts to create a non-durable JMS topic subscription on a non-existent address and address auto-creation is disabled, a t...
CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
PT-2026-26884
Name of the Vulnerable Software and Affected Versions Apache Artemis versions 2.50.0 through 2.52.0 Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0 Description An authorization issue exists in Apache Artemis and Apache ActiveMQ Artemis. Specifically, when an application utilizing the OpenWi...