CVE-2026-4649
Received Received - Intake
Authentication Bypass in Apache Artemis Enables Message Disclosure and Injection

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: KNIME AG

Description
Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message ( CVE-2026-27446 https://www.cve.org/CVERecord ). Since KNIME Business Hub uses Apache Artemis it is also affected by the issue. However, since Apache Artemis is not exposed to the outside it requires at least normal user privileges and the ability to execute workflows in an executor. Such a user can install and register a federated mirror without authentication to the original Apache Artemis instance and thereby read all internal messages and inject new messages. The issue affects all versions of KNIME Business Hub. A fixed version of Apache Artemis is shipped with versions 1.18.0, 1.17.4, and 1.16.3. We recommend updating to a fixed version as soon as possible since no workaround is known.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4649
EUVD
EUVD-2026-14786
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
apache artemis to 2.52.0 (exc)
knime business_hub *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Apache Artemis versions before 2.52.0 and is an authentication bypass flaw. It allows an attacker with at least normal user privileges and the ability to execute workflows in an executor to read all messages exchanged via the broker and inject new messages. The attacker can install and register a federated mirror without authentication to the original Apache Artemis instance, thereby gaining unauthorized access to internal messages.

Since KNIME Business Hub uses Apache Artemis, it is also affected by this issue. The vulnerability requires some level of user access within the system but does not require external exposure of Apache Artemis.

Impact Analysis

The vulnerability can lead to unauthorized reading of all internal messages exchanged via the Apache Artemis broker and injection of new messages. This can compromise the confidentiality and integrity of the message data within the affected system.

An attacker with normal user privileges could exploit this flaw to manipulate message flows, potentially disrupting operations or injecting malicious data.

Since the issue affects all versions of KNIME Business Hub, users of this software are also at risk until they update to a fixed version.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to update Apache Artemis to a fixed version. Fixed versions are included in KNIME Business Hub versions 1.18.0, 1.17.4, and 1.16.3.

No workaround is known, so applying the update as soon as possible is critical to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4649. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart