CVE-2026-4649
Received Received - Intake
Authentication Bypass in Apache Artemis Enables Message Disclosure and Injection

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: KNIME AG

Description
Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message ( CVE-2026-27446 https://www.cve.org/CVERecord ). Since KNIME Business Hub uses Apache Artemis it is also affected by the issue. However, since Apache Artemis is not exposed to the outside it requires at least normal user privileges and the ability to execute workflows in an executor. Such a user can install and register a federated mirror without authentication to the original Apache Artemis instance and thereby read all internal messages and inject new messages. The issue affects all versions of KNIME Business Hub. A fixed version of Apache Artemis is shipped with versions 1.18.0, 1.17.4, and 1.16.3. We recommend updating to a fixed version as soon as possible since no workaround is known.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-05-07
AI Q&A
2026-03-24
EPSS Evaluated
2026-05-05
NVD
CVE-2026-4649
EUVD
EUVD-2026-14786
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
apache artemis to 2.52.0 (exc)
knime business_hub *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects Apache Artemis versions before 2.52.0 and is an authentication bypass flaw. It allows an attacker with at least normal user privileges and the ability to execute workflows in an executor to read all messages exchanged via the broker and inject new messages. The attacker can install and register a federated mirror without authentication to the original Apache Artemis instance, thereby gaining unauthorized access to internal messages.

Since KNIME Business Hub uses Apache Artemis, it is also affected by this issue. The vulnerability requires some level of user access within the system but does not require external exposure of Apache Artemis.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized reading of all internal messages exchanged via the Apache Artemis broker and injection of new messages. This can compromise the confidentiality and integrity of the message data within the affected system.

An attacker with normal user privileges could exploit this flaw to manipulate message flows, potentially disrupting operations or injecting malicious data.

Since the issue affects all versions of KNIME Business Hub, users of this software are also at risk until they update to a fixed version.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

The recommended immediate step to mitigate this vulnerability is to update Apache Artemis to a fixed version. Fixed versions are included in KNIME Business Hub versions 1.18.0, 1.17.4, and 1.16.3.

No workaround is known, so applying the update as soon as possible is critical to prevent exploitation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart