CVE-2026-40914
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk45th percentile - higher than 45% of all known CVEs
Summary
A vulnerability exists in Apache Artemis that allows users with permissions to send or consume messages on an address to modify the routing-type of that address without having the createAddress permission. Users can send or consume messages with an unsupported routing-type, which should be rejected.
Risk Assessment
The organization may be exposed to unauthorized operations on addresses, potentially leading to unexpected application behavior and security breaches.
Recommendation
It is recommended to upgrade to version 2.54.0, which fixes the issue.
Original NVD description (English source)
A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. A user could successfully send a message to an address or consume a message from a queue with a routing-type not supported by the corresponding address when that operation should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address. Even though the user was already granted permission to send and/or consume messages, they should not be able to augment the routing-type of the address without the createAddress permission. This issue affects Apache Artemis: from 2.50.0 through 2.53.0; Apache ActiveMQ Artemis: from 2.0.0 through 2.44.0. Users are recommended to upgrade to version 2.54.0, which fixes the issue.

