Apache Artemis and Apache ActiveMQ Artemis STOMP Protocol Routing-Type Vulnerability

Vulnerability

A vulnerability in Apache Artemis and Apache ActiveMQ Artemis allows users to modify the routing-type of addresses via the STOMP protocol, without having the necessary permissions. This issue affects Apache Artemis versions 2.50.0 to 2.53.0 and Apache ActiveMQ Artemis versions 2.0.0 to 2.44.0. The vulnerability arises because users with send or consume permissions can change the routing-type, even if they lack the createAddress permission for that address. As a result, users could send or receive messages using unsupported routing-types, contrary to the intended permission restrictions.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of address routing-types, allowing users to send or consume messages in ways that bypass established permission controls.

Remediation

Users are advised to upgrade to Apache Artemis or Apache ActiveMQ Artemis version 2.54.0, which addresses this vulnerability.
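As a triage aid while the upgrade is scheduled, the added example below (not code from this advisory or from the Artemis project) reads a broker.xml and reports which acceptors accept STOMP and which roles hold send or consume without createAddress, the permission combination described above. The XML is a constructed sample with made-up role names, address matches and ports, and treating an acceptor that has no protocols parameter as STOMP-capable is an assumption.

```python
import re
import xml.etree.ElementTree as ET
NS = {"c": "urn:activemq:core"}
# Constructed broker.xml (sample data; roles, matches and ports are made up).
SAMPLE = """<configuration xmlns="urn:activemq"><core xmlns="urn:activemq:core">
 <acceptors>
  <acceptor name="core">tcp://0.0.0.0:61616?protocols=CORE,AMQP</acceptor>
  <acceptor name="stomp">tcp://0.0.0.0:61613?tcpSendBufferSize=1048576;protocols=STOMP</acceptor>
  <acceptor name="any">tcp://0.0.0.0:5555</acceptor>
 </acceptors>
 <security-settings>
  <security-setting match="orders.#">
   <permission type="createAddress" roles="admins"/>
   <permission type="send" roles="admins,producers"/>
   <permission type="consume" roles="admins, consumers"/>
  </security-setting>
  <security-setting match="audit.#">
   <permission type="createAddress" roles="admins"/>
   <permission type="send" roles="admins"/>
  </security-setting>
 </security-settings>
</core></configuration>"""

def stomp_acceptors(root):
    # Assumption: no protocols parameter means all protocols, STOMP included.
    names = []
    for acc in root.iterfind(".//c:acceptor", NS):
        query = (acc.text or "").strip().partition("?")[2]
        params = dict(kv.split("=", 1) for kv in re.split(r"[;&]", query) if "=" in kv)
        protos = {p.strip().upper() for p in params.get("protocols", "").split(",") if p.strip()}
        if not protos or "STOMP" in protos:
            names.append(acc.get("name"))
    return names

def exposed_roles(root):
    # Roles with send or consume but no createAddress on a match (the advisory's case).
    found = {}
    for setting in root.iterfind(".//c:security-setting", NS):
        perms = {}
        for p in setting.iterfind("c:permission", NS):
            roles = {r.strip() for r in p.get("roles", "").split(",") if r.strip()}
            perms.setdefault(p.get("type"), set()).update(roles)
        gap = (perms.get("send", set()) | perms.get("consume", set())) - perms.get("createAddress", set())
        if gap:
            found[setting.get("match")] = sorted(gap)
    return found

if __name__ == "__main__":
    print(stomp_acceptors(ET.fromstring(SAMPLE)), exposed_roles(ET.fromstring(SAMPLE)))
```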

Added: May 28, 2026, 3:46 PM
Updated: May 28, 2026, 3:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.