This is an automated email from the ASF dual-hosted git repository.

jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/artemis-website.git


The following commit(s) were added to refs/heads/main by this push:
     new a9ef0d5a CVE-2026-32642
a9ef0d5a is described below

commit a9ef0d5a513d0270cff0f5b837b37cb94578f3b5
Author: Justin Bertram <[email protected]>
AuthorDate: Fri Mar 20 13:48:55 2026 -0500

    CVE-2026-32642
---
 .../CVE-2026-32642-announcement.txt                | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/src/security-advisories.data/CVE-2026-32642-announcement.txt 
b/src/security-advisories.data/CVE-2026-32642-announcement.txt
new file mode 100644
index 00000000..64ca7909
--- /dev/null
+++ b/src/security-advisories.data/CVE-2026-32642-announcement.txt
@@ -0,0 +1,24 @@
+Severity: low
+
+Affected versions:
+
+- Apache Artemis (org.apache.artemis:artemis-openwire-protocol) 2.50.0 through 
2.52.0
+- Apache ActiveMQ Artemis (org.apache.activemq:artemis-openwire-protocol) 
2.0.0 through 2.44.0
+
+Description:
+
+Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache 
ActiveMQ Artemis exists when an application using the OpenWire protocol 
attempts to create a non-durable JMS topic subscription on an address that 
doesn't exist with an authenticated user which has the "createDurableQueue" 
permission but does not have the "createAddress" permission and address 
auto-creation is disabled. In this circumstance, a temporary address will be 
created whereas the attempt to create the non- [...]
+
+This issue affects Apache Artemis: from 2.50.0 through 2.52.0; Apache ActiveMQ 
Artemis: from 2.0.0 through 2.44.0.
+
+Users are recommended to upgrade to version 2.53.0, which fixes the issue.
+
+Credit:
+
+Stephen Higgs <[email protected]> (reporter)
+
+References:
+
+https://artemis.apache.org
+https://www.cve.org/CVERecord?id=CVE-2026-32642
+https://lists.apache.org/thread/4wlrp31ngq2yb54sf4kjb3bl41t4xgtp
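
Review bot: The upgrade sentence ("Users are recommended to upgrade to version 2.53.0, which fixes the issue.") does not say which product or Maven coordinates 2.53.0 belongs to, although the affected-versions list names two artifacts: org.apache.artemis:artemis-openwire-protocol and org.apache.activemq:artemis-openwire-protocol. A user on Apache ActiveMQ Artemis 2.0.0 through 2.44.0 cannot tell from this text whether the fix is available under the org.apache.activemq coordinates or requires moving to org.apache.artemis, so name the product in that sentence. The two ranges also say nothing about versions between 2.44.0 and 2.50.0; a short statement on whether any exist or are affected would remove the ambiguity. The description spells out the preconditions (OpenWire, "createDurableQueue" without "createAddress", address auto-creation disabled), but the advisory offers nothing for deployments that cannot upgrade immediately. Consider stating whether a configuration-level workaround exists.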

