CVE-2026-40914: CWE-863 Incorrect Authorization in Apache Software Foundation Apache Artemis Stomp Protocol
Description
A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. A user could successfully send a message to an address or consume a message from a queue with a routing-type not supported by the corresponding address when that operation should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address. Even though the user was already granted permission to send and/or consume messages, they should not be able to augment the routing-type of the address without the createAddress permission. This issue affects Apache Artemis: from 2.50.0 through 2.53.0; Apache ActiveMQ Artemis: from 2.0.0 through 2.44.0. Users are recommended to upgrade to version 2.54.0, which fixes the issue.
Weaknesses
CWE-863: Incorrect Authorization
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from incorrect authorization checks in Apache Artemis's STOMP protocol implementation. Specifically, users granted send or consume permissions on an address can modify the routing-type associated with that address, an action that should require createAddress permission. This flaw allows unauthorized augmentation of routing-types, potentially leading to unauthorized message routing behaviors. The vulnerability affects Apache Artemis versions 2.50.0 through 2.53.0 and Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0. The vendor recommends upgrading to version 2.54.0 to remediate the issue.
Potential Impact
An attacker with send or consume permissions on an address can bypass intended authorization restrictions by augmenting the routing-type of that address without having createAddress permission. This could lead to unauthorized message routing or consumption behaviors that violate the security policy. However, the attacker must already have some level of permission (send or consume) on the address, so the impact is limited to privilege escalation within those bounds.
Mitigation Recommendations
Users should upgrade Apache Artemis to version 2.54.0 or later, where this vulnerability is fixed. No other official remediation or temporary workaround is provided. Patch status is not explicitly confirmed in the advisory, but the vendor recommendation to upgrade indicates an official fix is available in version 2.54.0.
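As an added example (not code from the advisory, from OffSeq, or from the Artemis project), the audit below does two things a defender would want while scheduling the upgrade: it reads a broker.xml and lists, per address match, the roles that hold send or consume but not createAddress, which is exactly the permission combination the advisory describes as able to augment an address's routing-type over STOMP on affected versions; and it checks a version string against the two affected ranges stated above. The broker.xml layout used (security-settings / security-setting match / permission type roles) is assumed to follow the Artemis configuration format; the sample document is constructed here.

```python
"""
Added example for CVE-2026-40914 (not the advisory's or the Artemis project's code).

Two defender-side checks:
  * exposed_roles(): which roles, per security-setting match, can send or consume
    on an address but cannot create addresses there. The advisory says such roles
    could augment the routing-type of an address via STOMP on affected versions.
  * is_affected(): whether a version string falls inside the advisory's stated
    affected ranges, using the bounds literally as written.

Assumption: broker.xml uses <security-settings>/<security-setting match="...">/
<permission type="..." roles="a,b"/> as in the Artemis configuration format.
"""
import xml.etree.ElementTree as ET

# Constructed sample broker.xml. Role "app" can send and consume on "orders.#"
# but cannot create addresses there, so it is the role this check should flag.
SAMPLE_BROKER_XML = """<?xml version="1.0"?>
<configuration xmlns="urn:activemq">
  <core xmlns="urn:activemq:core">
    <security-settings>
      <security-setting match="orders.#">
        <permission type="createAddress" roles="admin"/>
        <permission type="send" roles="admin,app"/>
        <permission type="consume" roles="admin,app"/>
      </security-setting>
      <security-setting match="#">
        <permission type="createAddress" roles="admin"/>
        <permission type="send" roles="admin"/>
        <permission type="consume" roles="admin"/>
      </security-setting>
    </security-settings>
  </core>
</configuration>
"""


def _local(tag: str) -> str:
    """Strip an XML namespace prefix like '{urn:activemq:core}' from a tag."""
    return tag.rsplit("}", 1)[-1]


def exposed_roles(broker_xml: str) -> dict[str, set[str]]:
    """Map each security-setting match to the roles that hold send or consume
    on it without also holding createAddress. Matches with no such role are
    omitted from the result."""
    root = ET.fromstring(broker_xml)
    result: dict[str, set[str]] = {}
    for setting in root.iter():
        if _local(setting.tag) != "security-setting":
            continue
        match = setting.get("match", "")
        roles_by_type: dict[str, set[str]] = {}
        for perm in setting:
            if _local(perm.tag) != "permission":
                continue
            roles = {r.strip() for r in perm.get("roles", "").split(",") if r.strip()}
            roles_by_type.setdefault(perm.get("type", ""), set()).update(roles)
        can_route = roles_by_type.get("send", set()) | roles_by_type.get("consume", set())
        exposed = can_route - roles_by_type.get("createAddress", set())
        if exposed:
            result[match] = exposed
    return result


# (product, first affected, last affected), exactly as the advisory states them.
AFFECTED_RANGES = (
    ("Apache Artemis", (2, 50, 0), (2, 53, 0)),
    ("Apache ActiveMQ Artemis", (2, 0, 0), (2, 44, 0)),
)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '2.53.0' into (2, 53, 0) so tuples compare component-wise."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str) -> bool:
    """True when the version lies within either stated range; the fixed
    release 2.54.0 and anything later return False."""
    ver = parse_version(version)
    return any(low <= ver <= high for _, low, high in AFFECTED_RANGES)


if __name__ == "__main__":
    for match, roles in exposed_roles(SAMPLE_BROKER_XML).items():
        print(f"{match}: send/consume without createAddress -> {sorted(roles)}")
    for v in ("2.44.0", "2.53.0", "2.54.0"):
        print(f"{v}: {'affected' if is_affected(v) else 'not in stated ranges'}")
```

Run it against a real broker.xml by replacing SAMPLE_BROKER_XML with the file contents; every role it lists is one whose STOMP sessions should be reviewed until the broker is on 2.54.0 or later. Because the ranges are applied literally, a version between the two stated ranges is reported as not affected; treat that as "not listed by the advisory", not as a clean bill of health.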
Technical Details
- Data Version: 5.2
- Assigner Short Name: apache
- Date Reserved: 2026-04-15T17:18:02.939Z
- Cvss Version: null
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a1839bbe29bf47b50eaa200
Added to database: 5/28/2026, 12:48:59 PM
Last enriched: 5/28/2026, 1:04:12 PM
Last updated: 5/29/2026, 8:22:03 AM
Views: 17