VYPR
High severity7.5NVD Advisory· Published Jan 27, 2021· Updated Jun 15, 2026

CVE-2021-26117

CVE-2021-26117

Description

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.activemq:activemq-parentMaven
>= 5.16.0, < 5.16.15.16.1
org.apache.activemq:activemq-parentMaven
< 5.15.145.15.14
org.apache.activemq:apache-artemisMaven
< 2.16.02.16.0

Affected products

4

Patches

Vulnerability mechanics

References

43

News mentions

0

No linked articles in our index yet.