Bug 2482679 (CVE-2026-40914) - CVE-2026-40914 activemq-artemis: org.apache.artemis/artemis-stomp-protocol: Apache ActiveMQ Artemis: Authorization bypass allows unauthorized routing-type modification
Summary: CVE-2026-40914 activemq-artemis: org.apache.artemis/artemis-stomp-protocol: A...
Keywords:
Status: NEW
Alias: CVE-2026-40914
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-28 13:01 UTC by OSIDB Bzimport
Modified: 2026-07-06 11:29 UTC (History)
25 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-28 13:01:23 UTC
A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. A user could successfully send a message to an address or consume a message from a queue with a routing-type not supported by the corresponding address when that operation should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address. Even though the user was already granted permission to send and/or consume messages, they should not be able to augment the routing-type of the address without the createAddress permission.



This issue affects Apache Artemis: from 2.50.0 through 2.53.0; Apache ActiveMQ Artemis: from 2.0.0 through 2.44.0.

Users are recommended to upgrade to version 2.54.0, which fixes the issue.


Note You need to log in before you can comment on or make changes to this bug.