Skip to main content

Apache Artemis

1 CVEs product

Monthly

CVE-2026-32642 Maven LOW PATCH Monitor

An incorrect authorization vulnerability exists in Apache Artemis and Apache ActiveMQ Artemis where the OpenWire protocol fails to properly enforce permission checks when creating non-durable JMS topic subscriptions on non-existent addresses. A user with only 'createDurableQueue' permission but lacking 'createAddress' permission can bypass authorization controls to create temporary addresses that should be denied, circumventing the intended security model when address auto-creation is disabled. This authentication bypass persists until the OpenWire connection closes and the temporary address is cleaned up.

Apache Authentication Bypass Apache Artemis Apache Activemq Artemis
NVD VulDB
CVSS 4.0
2.3
EPSS
0.0%
EPSS 0% CVSS 2.3
LOW PATCH Monitor

An incorrect authorization vulnerability exists in Apache Artemis and Apache ActiveMQ Artemis where the OpenWire protocol fails to properly enforce permission checks when creating non-durable JMS topic subscriptions on non-existent addresses. A user with only 'createDurableQueue' permission but lacking 'createAddress' permission can bypass authorization controls to create temporary addresses that should be denied, circumventing the intended security model when address auto-creation is disabled. This authentication bypass persists until the OpenWire connection closes and the temporary address is cleaned up.

Apache Authentication Bypass Apache Artemis +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy