{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T22:19:17.572","vulnerabilities":[{"cve":{"id":"CVE-2026-27446","sourceIdentifier":"security@apache.org","published":"2026-03-04T09:15:56.837","lastModified":"2026-05-12T13:17:33.067","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This could potentially result in message injection into any queue and/or message exfiltration from any queue via the rogue broker. This impacts environments that allow both:\n\n- incoming Core protocol connections from untrusted sources to the broker\n\n- outgoing Core protocol connections from the broker to untrusted targets\n\nThis issue affects:\n\n- Apache Artemis from 2.50.0 through 2.51.0\n\n- Apache ActiveMQ Artemis from 2.11.0 through 2.44.0.\n\nUsers are recommended to upgrade to Apache Artemis version 2.52.0, which fixes the issue.\n\nThe issue can be mitigated by one of the following:\n\n- Remove Core protocol support from any acceptor receiving connections from untrusted sources. Incoming Core protocol connections are supported by default via the \"artemis\" acceptor listening on port 61616. See the \"protocols\" URL parameter configured for the acceptor. An acceptor URL without this parameter supports all protocols by default, including Core.\n\n- Use two-way SSL (i.e. certificate-based authentication) in order to force every client to present the proper SSL certificate when establishing a connection before any message protocol handshake is attempted. This will prevent unauthenticated exploitation of this vulnerability.\n\n- Implement and deploy a Core interceptor to deny all Core downstream federation connect packets. Such packets have a type of (int) -16 or (byte) 0xfffffff0. Documentation for interceptors is available at  https://artemis.apache.org/components/artemis/documentation/latest/intercepting-operations.html ."},{"lang":"es","value":"Vulnerabilidad de Autenticación Faltante para Función Crítica (CWE-306) en Apache Artemis, Apache ActiveMQ Artemis. Un atacante remoto no autenticado puede usar el protocolo Core para forzar a un broker objetivo a establecer una conexión de federación Core saliente con un broker malicioso controlado por el atacante. Esto podría resultar potencialmente en la inyección de mensajes en cualquier cola y/o la exfiltración de mensajes de cualquier cola a través del broker malicioso. Esto afecta a entornos que permiten ambos:\n\n- conexiones de protocolo Core entrantes desde fuentes no confiables al broker\n\n- conexiones de protocolo Core salientes desde el broker a objetivos no confiables\n\nEste problema afecta a:\n\n- Apache Artemis desde 2.50.0 hasta 2.51.0\n\n- Apache ActiveMQ Artemis desde 2.11.0 hasta 2.44.0.\n\nSe recomienda a los usuarios actualizar a la versión 2.52.0 de Apache Artemis, que corrige el problema.\n\nEl problema puede mitigarse mediante cualquiera de las siguientes opciones:\n\n- Eliminar el soporte del protocolo Core de cualquier aceptor que reciba conexiones de fuentes no confiables. Las conexiones de protocolo Core entrantes son compatibles por defecto a través del aceptor 'artemis' que escucha en el puerto 61616. Consulte el parámetro URL 'protocols' configurado para el aceptor. Una URL de aceptor sin este parámetro soporta todos los protocolos por defecto, incluyendo Core.\n\n- Usar SSL bidireccional (es decir, autenticación basada en certificados) para forzar a cada cliente a presentar el certificado SSL adecuado al establecer una conexión antes de que se intente cualquier handshake de protocolo de mensajes. Esto evitará la explotación no autenticada de esta vulnerabilidad."}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*","versionStartIncluding":"2.11.0","versionEndIncluding":"2.44.0","matchCriteriaId":"6BC62090-71FA-45A2-A519-B2C3B47D4262"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:artemis:2.50.0:*:*:*:*:*:*:*","matchCriteriaId":"8AF62B6D-CD60-43D0-9740-AC011CC1FBFF"}]}]}],"references":[{"url":"https://lists.apache.org/thread/jwpsdc8tdxotm98od8n8n30fqlzoc8gg","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/03/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/04/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-085541.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}}]}