3 matches found
CVE-2025-27427
CVE-2025-27427 affects Apache ActiveMQ Artemis 2.0.0–2.39.0. A user with createDurableQueue or createNonDurableQueue permissions can augment the routing-type of an address without createAddress permission, and with send permission plus automatic queue creation could send messages using a routing-...
CVE-2026-40914
CVE-2026-40914 describes a vulnerability in Apache Artemis (and Apache ActiveMQ Artemis) where a STOMP-authenticated user with either consume or send permission on an address can augment the address routing-type without having createAddress permission for that address. This allows sending or cons...
CVE-2026-32642
CVE-2026-32642 is an authorization bypass in Apache Artemis/ActiveMQ Artemis OpenWire handling: when an authenticated user with createDurableQueue but without createAddress attempts to create a non-durable JMS topic subscription on a non-existent address and address auto-creation is disabled, a t...