CVE-2026-40914
Privilege Escalation in Apache Artemis via STOMP Routing-Type Manipulation

Publication date: 2026-05-28

Last updated on: 2026-06-15

Assigner: Apache Software Foundation

Description
A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. A user could successfully send a message to an address or consume a message from a queue with a routing-type not supported by the corresponding address when that operation should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address. Even though the user was already granted permission to send and/or consume messages, they should not be able to augment the routing-type of the address without the createAddress permission. This issue affects Apache Artemis: from 2.50.0 through 2.53.0; Apache ActiveMQ Artemis: from 2.0.0 through 2.44.0. Users are recommended to upgrade to version 2.54.0, which fixes the issue.
Affected Vendors & Products
Vendor: apache
Product: artemis
Version / Range: from 2.0.0 (inclusive), with no upper bound recorded in the CPE entry; the description above gives the precise affected ranges and the fixed version (2.54.0).
CWE
CWE-863 (Incorrect Authorization): The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Executive Summary

This vulnerability exists in Apache Artemis when clients connect over the STOMP protocol. A user whose credentials grant only the send or consume permission on an address can cause the broker to add a routing type to that address (Artemis addresses support the ANYCAST and MULTICAST routing types), even though the user does not hold the createAddress permission that the broker's security model requires for changing an address definition. The user can then send to the address, or consume from a queue on it, using a routing type the address did not originally support; the broker should reject both operations.

Impact Analysis

The impact is an authorization bypass (CWE-863) on address configuration rather than on message access: the attacker already has valid broker credentials with send or consume on the address, and uses them to alter the address's routing behaviour without the createAddress permission. Because routing type is a property of the address, the change affects every client that uses it, so messages can be delivered to or consumed from a destination in a way the operator did not configure, intended access controls on the address can be sidestepped, and the integrity of the messaging topology is no longer guaranteed. The precondition to note is that exploitation requires authenticated STOMP access; an unauthenticated client cannot trigger the issue.

Mitigation Strategies

Users are recommended to upgrade Apache Artemis or Apache ActiveMQ Artemis to version 2.54.0, which fixes the issue. Until the upgrade is done, two checks follow directly from the description: if STOMP is not needed, the STOMP acceptor can be disabled, since the page states the issue is reachable only over that protocol; and the broker's security-settings should be audited for roles that hold send or consume on an address match but not createAddress, because those are the roles in the position the description identifies.
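The audit suggested above, as an added example for this page (it is not Apache ActiveMQ Artemis code and does not reproduce the bug): it parses the security-settings block of a broker.xml and reports, per match, every role that can send or consume without also holding createAddress. The broker.xml fragment embedded below is constructed for the example; the permission type names (send, consume, createAddress, deleteAddress) are the real Artemis ones.

```python
"""Report roles that hold send/consume but not createAddress per Artemis
security-setting match.

Added example for the CVE-2026-40914 page. Not Apache ActiveMQ Artemis code;
it does not exercise the broker, it only reads configuration. The sample
broker.xml below is constructed for illustration."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed broker.xml fragment (not a real deployment). Artemis places
# <security-settings> inside <core xmlns="urn:activemq:core">.
SAMPLE_BROKER_XML = """<?xml version="1.0"?>
<configuration xmlns="urn:activemq">
  <core xmlns="urn:activemq:core">
    <security-settings>
      <security-setting match="#">
        <permission type="createAddress" roles="admin"/>
        <permission type="deleteAddress" roles="admin"/>
        <permission type="send" roles="admin,producer"/>
        <permission type="consume" roles="admin,consumer"/>
      </security-setting>
      <security-setting match="orders.#">
        <permission type="createAddress" roles="orders-svc"/>
        <permission type="send" roles="orders-svc,web-frontend"/>
        <permission type="consume" roles="orders-svc"/>
      </security-setting>
    </security-settings>
  </core>
</configuration>
"""

# Permissions that the description says are enough to reach the bug.
TRIGGERING = {"send", "consume"}


def _local(tag):
    """Strip the XML namespace so tags can be compared by local name."""
    return tag.rsplit("}", 1)[-1]


def load_security_settings(xml_text):
    """Return {match: {role: set(permission types)}} from a broker.xml."""
    root = ET.fromstring(xml_text)
    settings = {}
    for node in root.iter():
        if _local(node.tag) != "security-setting":
            continue
        roles = defaultdict(set)
        for perm in node:
            if _local(perm.tag) != "permission":
                continue
            ptype = perm.get("type")
            for role in perm.get("roles", "").split(","):
                role = role.strip()
                if role:
                    roles[role].add(ptype)
        settings[node.get("match")] = dict(roles)
    return settings


def exposed_roles(settings):
    """Roles that can send or consume on a match without createAddress there.

    Returns a list of (match, role, sorted triggering permissions)."""
    findings = []
    for match, roles in settings.items():
        for role, perms in sorted(roles.items()):
            via = perms & TRIGGERING
            if via and "createAddress" not in perms:
                findings.append((match, role, sorted(via)))
    return findings


if __name__ == "__main__":
    report = exposed_roles(load_security_settings(SAMPLE_BROKER_XML))
    for match, role, via in report:
        print(f"match {match!r}: role {role!r} has {via} but not createAddress")
```

Two caveats on reading the output. Artemis applies the single most specific matching security-setting to an address rather than merging all matches, so the report is per match and a role flagged under "#" may be governed by a narrower match for a given address. The script also says nothing about whether the broker is patched; it only locates the accounts that the description places in the vulnerable position, which is the set to review while scheduling the upgrade to 2.54.0.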
