Skip to main content

Knime Business Hub EUVDEUVD-2026-14786

| CVE-2026-4649 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-03-24 KNIME GHSA-c27m-9j97-3ghp
5.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber
Red Hat
6.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
1.17.4,1.15.2,1.16.3
EUVD ID Assigned
Mar 24, 2026 - 08:30 euvd
EUVD-2026-14786
Analysis Generated
Mar 24, 2026 - 08:30 vuln.today
CVE Published
Mar 24, 2026 - 08:15 nvd
MEDIUM 5.3

DescriptionCVE.org

Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message ( CVE-2026-27446 https://www.cve.org/CVERecord ). Since KNIME Business Hub uses Apache Artemis it is also affected by the issue. However, since Apache Artemis is not exposed to the outside it requires at least normal user privileges and the ability to execute workflows in an executor. Such a user can install and register a federated mirror without authentication to the original Apache Artemis instance and thereby read all internal messages and inject new messages.

The issue affects all versions of KNIME Business Hub. A fixed version of Apache Artemis is shipped with versions 1.18.0, 1.17.4, and 1.16.3.

We recommend updating to a fixed version as soon as possible since no workaround is known.

AnalysisAI

Apache Artemis before version 2.52.0 contains an authentication bypass vulnerability (CVE-2026-27446) that allows attackers to read all messages exchanged via the broker and inject new messages. KNIME Business Hub, which embeds Apache Artemis, is affected across all versions, though exploitation requires an authenticated user with workflow execution privileges who can register a federated mirror without authenticating to the underlying Artemis instance. While no public exploit code has been disclosed and CVSS scoring is unavailable, the vulnerability represents a significant insider threat with direct impact on message confidentiality and integrity.

Technical ContextAI

Apache Artemis is a message broker that serves as the internal messaging backbone for KNIME Business Hub. The vulnerability stems from a missing authentication check (CWE-306: Missing Authentication for Critical Function) in the federation/mirroring mechanism of Artemis, allowing an authenticated KNIME user to bypass secondary authentication controls required to access the broker. The affected product is identified via CPE as cpe:2.3:a:knime:knime_business_hub:*:*:*:*:*:*:*:*, indicating all versions of KNIME Business Hub are in scope. The root cause is insufficient validation of federated mirror registration requests, enabling an attacker to establish unauthorized broker connections and access or manipulate the internal message queue without presenting valid Artemis credentials.

RemediationAI

Upgrade KNIME Business Hub to version 1.18.0, 1.17.4, or 1.16.3 or later, whichever aligns with your deployment branch. Consult the KNIME security advisory at https://www.knime.com/security/advisories#CVE-2026-4649 for detailed upgrade instructions. Until patching is feasible, implement network-level controls to restrict KNIME executor nodes to isolated network segments, enforce role-based access controls to limit workflow execution privileges to trusted users only, and monitor Artemis logs for unusual federated mirror registration attempts. Additionally, audit existing user accounts and revoke unnecessary workflow execution permissions from users who do not require them.

Vendor StatusVendor

Share

EUVD-2026-14786 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy