Artemis

This hub aggregates every CVE we track for Artemis, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Artemis.

• CVE-2026-40914Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission4.3May 28, 2026
• CVE-2026-32642Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission4.3Mar 24, 2026
• CVE-2026-27446Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation9.8Mar 4, 2026
• CVE-2025-27391Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log6.5Apr 9, 2025
• CVE-2025-27427Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission4.3Apr 1, 2025
• CVE-2023-50780Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans8.8Oct 14, 2024
• CVE-2021-4040A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt...5.3Aug 24, 2022
• CVE-2022-35278HTML Injection in ActiveMQ Artemis Web Console6.1Aug 23, 2022
• CVE-2022-23913Apache ActiveMQ Artemis DoS7.5Feb 4, 2022
• CVE-2021-26118Flaw in ActiveMQ Artemis OpenWire support7.5Jan 27, 2021
• CVE-2021-26117ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind7.5Jan 27, 2021
• CVE-2020-13932In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected int...6.1Jul 20, 2020
• CVE-2020-10727A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.proper...5.5Jun 26, 2020
• CVE-2017-12174It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may...7.5Mar 7, 2018
• CVE-2016-4978The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote a...7.2Sep 27, 2016