Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber
Lifecycle Timeline
4DescriptionCVE.org
Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message ( CVE-2026-27446 https://www.cve.org/CVERecord ). Since KNIME Business Hub uses Apache Artemis it is also affected by the issue. However, since Apache Artemis is not exposed to the outside it requires at least normal user privileges and the ability to execute workflows in an executor. Such a user can install and register a federated mirror without authentication to the original Apache Artemis instance and thereby read all internal messages and inject new messages.
The issue affects all versions of KNIME Business Hub. A fixed version of Apache Artemis is shipped with versions 1.18.0, 1.17.4, and 1.16.3.
We recommend updating to a fixed version as soon as possible since no workaround is known.
AnalysisAI
Apache Artemis before version 2.52.0 contains an authentication bypass vulnerability (CVE-2026-27446) that allows attackers to read all messages exchanged via the broker and inject new messages. KNIME Business Hub, which embeds Apache Artemis, is affected across all versions, though exploitation requires an authenticated user with workflow execution privileges who can register a federated mirror without authenticating to the underlying Artemis instance. While no public exploit code has been disclosed and CVSS scoring is unavailable, the vulnerability represents a significant insider threat with direct impact on message confidentiality and integrity.
Technical ContextAI
Apache Artemis is a message broker that serves as the internal messaging backbone for KNIME Business Hub. The vulnerability stems from a missing authentication check (CWE-306: Missing Authentication for Critical Function) in the federation/mirroring mechanism of Artemis, allowing an authenticated KNIME user to bypass secondary authentication controls required to access the broker. The affected product is identified via CPE as cpe:2.3:a:knime:knime_business_hub:*:*:*:*:*:*:*:*, indicating all versions of KNIME Business Hub are in scope. The root cause is insufficient validation of federated mirror registration requests, enabling an attacker to establish unauthorized broker connections and access or manipulate the internal message queue without presenting valid Artemis credentials.
RemediationAI
Upgrade KNIME Business Hub to version 1.18.0, 1.17.4, or 1.16.3 or later, whichever aligns with your deployment branch. Consult the KNIME security advisory at https://www.knime.com/security/advisories#CVE-2026-4649 for detailed upgrade instructions. Until patching is feasible, implement network-level controls to restrict KNIME executor nodes to isolated network segments, enforce role-based access controls to limit workflow execution privileges to trusted users only, and monitor Artemis logs for unusual federated mirror registration attempts. Additionally, audit existing user accounts and revoke unnecessary workflow execution permissions from users who do not require them.
Same technique Authentication Bypass
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14786
GHSA-c27m-9j97-3ghp