Maven package

org.apache.activemq/artemis-server

pkg:maven/org.apache.activemq/artemis-server

Vulnerabilities (3)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-27446	Cri	9.8	>= 2.11.0, <= 2.44.0	—	Mar 4, 2026	Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rog
CVE-2025-27427		—	>= 2.0.0, < 2.40.0	2.40.0	Apr 1, 2025	A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular ad
CVE-2022-35278		—	< 2.24.0	2.24.0	Aug 23, 2022	In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

CVE-2026-27446CriMar 4, 2026
affected >= 2.11.0, <= 2.44.0
Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rog
CVE-2025-27427Apr 1, 2025
affected >= 2.0.0, < 2.40.0fixed 2.40.0
A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular ad
CVE-2022-35278Aug 23, 2022
affected < 2.24.0fixed 2.24.0
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.