EUVD-2026-9382

Description

Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This could potentially result in message injection into any queue and/or message exfiltration from any queue via the rogue broker. This impacts environments that allow both: - incoming Core protocol connections from untrusted sources to the broker - outgoing Core protocol connections from the broker to untrusted targets This issue affects: - Apache Artemis from 2.50.0 through 2.51.0 - Apache ActiveMQ Artemis from 2.11.0 through 2.44.0. Users are recommended to upgrade to Apache Artemis version 2.52.0, which fixes the issue. The issue can be mitigated by either of the following: - Remove Core protocol support from any acceptor receiving connections from untrusted sources. Incoming Core protocol connections are supported by default via the "artemis" acceptor listening on port 61616. See the "protocols" URL parameter configured for the acceptor. An acceptor URL without this parameter supports all protocols by default, including Core. - Use two-way SSL (i.e. certificate-based authentication) in order to force every client to present the proper SSL certificate when establishing a connection before any message protocol handshake is attempted. This will prevent unauthenticated exploitation of this vulnerability.

CVE-2026-27446

EPSS Score:

Comprehensive Technical Analysis of EUVD-2026-9382

1. Vulnerability Assessment and Severity Evaluation

The vulnerability EUVD-2026-9382, also known as CVE-2026-27446, is classified as a "Missing Authentication for Critical Function" (CWE-306) in Apache Artemis and Apache ActiveMQ Artemis. This vulnerability allows an unauthenticated remote attacker to exploit the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. The potential consequences include message injection into any queue and/or message exfiltration from any queue via the rogue broker.

Severity Evaluation:

Base Score: 9.3 (CVSS 4.0)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L

The high base score indicates a critical vulnerability due to the potential for significant confidentiality and integrity impacts, even though the availability impact is low. The attack vector is network-based, requiring no privileges or user interaction, and the attack complexity is low.

2. Potential Attack Vectors and Exploitation Methods

Attack Vectors:

Unauthenticated Remote Attack: An attacker can exploit the vulnerability by sending specially crafted Core protocol messages to the target broker, forcing it to establish an outbound connection to a rogue broker controlled by the attacker.
Message Injection and Exfiltration: Once the connection is established, the attacker can inject malicious messages into any queue or exfiltrate sensitive messages from any queue.

Exploitation Methods:

Core Protocol Manipulation: The attacker manipulates the Core protocol to trick the target broker into believing it is communicating with a legitimate broker.
Rogue Broker Setup: The attacker sets up a rogue broker to receive the outbound connection from the target broker, allowing for message injection and exfiltration.

3. Affected Systems and Software Versions

Affected Software:

Apache Artemis: Versions 2.50.0 through 2.51.0
Apache ActiveMQ Artemis: Versions 2.11.0 through 2.44.0

Affected Environments:

Environments that allow both incoming Core protocol connections from untrusted sources to the broker and outgoing Core protocol connections from the broker to untrusted targets.

4. Recommended Mitigation Strategies

Immediate Mitigation:

Upgrade: Upgrade to Apache Artemis version 2.52.0, which includes a fix for the vulnerability.
Remove Core Protocol Support: Remove Core protocol support from any acceptor receiving connections from untrusted sources. This can be done by configuring the "protocols" URL parameter for the acceptor.
Two-Way SSL: Implement two-way SSL (certificate-based authentication) to ensure that every client presents a proper SSL certificate before any message protocol handshake is attempted.

Long-Term Mitigation:

Network Segmentation: Segment the network to limit access to the broker from untrusted sources.
Regular Audits: Conduct regular security audits and vulnerability assessments to identify and mitigate similar issues.

5. Impact on European Cybersecurity Landscape

The vulnerability poses a significant risk to organizations using Apache Artemis or Apache ActiveMQ Artemis, particularly those in critical sectors such as finance, healthcare, and government. The potential for message injection and exfiltration can lead to data breaches, financial loss, and disruption of services. Given the widespread use of these messaging systems, the impact on the European cybersecurity landscape could be substantial if not adequately addressed.

6. Technical Details for Security Professionals

Vulnerability Details:

CWE-306: Missing Authentication for Critical Function
Affected Protocol: Core protocol
Default Port: 61616 (used by the "artemis" acceptor)

Mitigation Steps:

Upgrade to Version 2.52.0:
- Ensure that all instances of Apache Artemis are upgraded to version 2.52.0.
- Verify the upgrade process and test the environment to ensure compatibility and stability.
Configure Acceptors:
- Modify the acceptor configuration to remove Core protocol support for untrusted sources.
- Example configuration change:
```
<acceptor name="artemis">tcp://0.0.0.0:61616?protocols=AMQP</acceptor>
```

Implement Two-Way SSL:

Configure two-way SSL to enforce certificate-based authentication.

Example configuration:

<acceptor name="ssl-artemis">tcp://0.0.0.0:61617?sslEnabled=true;keyStorePath=/path/to/keystore;keyStorePassword=password;trustStorePath=/path/to/truststore;trustStorePassword=password</acceptor>

Monitor and Log:
- Implement monitoring and logging to detect any suspicious activity related to the Core protocol.
- Regularly review logs for any unauthorized connections or attempts to establish outbound connections.

By following these mitigation strategies and maintaining vigilant monitoring, organizations can significantly reduce the risk associated with this vulnerability.

Description

CVE-2026-27446

EPSS Score:

Comprehensive Technical Analysis of EUVD-2026-9382

1. Vulnerability Assessment and Severity Evaluation

Severity Evaluation:

Base Score: 9.3 (CVSS 4.0)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L

2. Potential Attack Vectors and Exploitation Methods

Attack Vectors:

Unauthenticated Remote Attack: An attacker can exploit the vulnerability by sending specially crafted Core protocol messages to the target broker, forcing it to establish an outbound connection to a rogue broker controlled by the attacker.
Message Injection and Exfiltration: Once the connection is established, the attacker can inject malicious messages into any queue or exfiltrate sensitive messages from any queue.

Exploitation Methods:

Core Protocol Manipulation: The attacker manipulates the Core protocol to trick the target broker into believing it is communicating with a legitimate broker.
Rogue Broker Setup: The attacker sets up a rogue broker to receive the outbound connection from the target broker, allowing for message injection and exfiltration.

3. Affected Systems and Software Versions

Affected Software:

Apache Artemis: Versions 2.50.0 through 2.51.0
Apache ActiveMQ Artemis: Versions 2.11.0 through 2.44.0

Affected Environments:

Environments that allow both incoming Core protocol connections from untrusted sources to the broker and outgoing Core protocol connections from the broker to untrusted targets.

4. Recommended Mitigation Strategies

Immediate Mitigation:

Upgrade: Upgrade to Apache Artemis version 2.52.0, which includes a fix for the vulnerability.
Remove Core Protocol Support: Remove Core protocol support from any acceptor receiving connections from untrusted sources. This can be done by configuring the "protocols" URL parameter for the acceptor.
Two-Way SSL: Implement two-way SSL (certificate-based authentication) to ensure that every client presents a proper SSL certificate before any message protocol handshake is attempted.

Long-Term Mitigation:

Network Segmentation: Segment the network to limit access to the broker from untrusted sources.
Regular Audits: Conduct regular security audits and vulnerability assessments to identify and mitigate similar issues.

5. Impact on European Cybersecurity Landscape

6. Technical Details for Security Professionals

Vulnerability Details:

CWE-306: Missing Authentication for Critical Function
Affected Protocol: Core protocol
Default Port: 61616 (used by the "artemis" acceptor)

Mitigation Steps:

Upgrade to Version 2.52.0:
- Ensure that all instances of Apache Artemis are upgraded to version 2.52.0.
- Verify the upgrade process and test the environment to ensure compatibility and stability.
Configure Acceptors:
- Modify the acceptor configuration to remove Core protocol support for untrusted sources.
- Example configuration change:
```
<acceptor name="artemis">tcp://0.0.0.0:61616?protocols=AMQP</acceptor>
```

Implement Two-Way SSL:

Configure two-way SSL to enforce certificate-based authentication.

Example configuration:

<acceptor name="ssl-artemis">tcp://0.0.0.0:61617?sslEnabled=true;keyStorePath=/path/to/keystore;keyStorePassword=password;trustStorePath=/path/to/truststore;trustStorePassword=password</acceptor>

Monitor and Log:
- Implement monitoring and logging to detect any suspicious activity related to the Core protocol.
- Regularly review logs for any unauthorized connections or attempts to establish outbound connections.

By following these mitigation strategies and maintaining vigilant monitoring, organizations can significantly reduce the risk associated with this vulnerability.

Description

EPSS Score:

Comprehensive Technical Analysis of EUVD-2026-9382

1. Vulnerability Assessment and Severity Evaluation

2. Potential Attack Vectors and Exploitation Methods

3. Affected Systems and Software Versions

4. Recommended Mitigation Strategies

5. Impact on European Cybersecurity Landscape

6. Technical Details for Security Professionals

References

Affected Products

Vendors

EUVD-2026-9382

Description

EPSS Score:

Comprehensive Technical Analysis of EUVD-2026-9382

1. Vulnerability Assessment and Severity Evaluation

2. Potential Attack Vectors and Exploitation Methods

3. Affected Systems and Software Versions

4. Recommended Mitigation Strategies

5. Impact on European Cybersecurity Landscape

6. Technical Details for Security Professionals

References

Affected Products

Vendors