CVE-2021-26118HIGHCVSS 7.5

Apache ActiveMQ Artemis vulnerable to Improper Access Control

Published Jun 16, 2021·Updated Jul 7, 2026

Description

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

Affected Packages (1)

org.apache.activemq:artemis-openwire-protocolMAVEN
Fixed in 2.16.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free