CVE-2026-27446

{"id": "CVE-2026-27446", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security@apache.org", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-04T09:15:56.837", "references": [{"url": "https://lists.apache.org/thread/jwpsdc8tdxotm98od8n8n30fqlzoc8gg", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2026/03/03/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2026/03/04/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This could potentially result in message injection into any queue and/or message exfiltration from any queue via the rogue broker. This impacts environments that allow both:\n\n- incoming Core protocol connections from untrusted sources to the broker\n\n- outgoing Core protocol connections from the broker to untrusted targets\n\nThis issue affects:\n\n- Apache Artemis from 2.50.0 through 2.51.0\n\n- Apache ActiveMQ Artemis from 2.11.0 through 2.44.0.\n\nUsers are recommended to upgrade to Apache Artemis version 2.52.0, which fixes the issue.\n\nThe issue can be mitigated by either of the following:\n\n- Remove Core protocol support from any acceptor receiving connections from untrusted sources. Incoming Core protocol connections are supported by default via the \"artemis\" acceptor listening on port 61616. See the \"protocols\" URL parameter configured for the acceptor. An acceptor URL without this parameter supports all protocols by default, including Core.\n\n- Use two-way SSL (i.e. certificate-based authentication) in order to force every client to present the proper SSL certificate when establishing a connection before any message protocol handshake is attempted. This will prevent unauthenticated exploitation of this vulnerability."}, {"lang": "es", "value": "Vulnerabilidad de Autenticaci\u00f3n Faltante para Funci\u00f3n Cr\u00edtica (CWE-306) en Apache Artemis, Apache ActiveMQ Artemis. Un atacante remoto no autenticado puede usar el protocolo Core para forzar a un broker objetivo a establecer una conexi\u00f3n de federaci\u00f3n Core saliente con un broker malicioso controlado por el atacante. Esto podr\u00eda resultar potencialmente en la inyecci\u00f3n de mensajes en cualquier cola y/o la exfiltraci\u00f3n de mensajes de cualquier cola a trav\u00e9s del broker malicioso. Esto afecta a entornos que permiten ambos:\n\n- conexiones de protocolo Core entrantes desde fuentes no confiables al broker\n\n- conexiones de protocolo Core salientes desde el broker a objetivos no confiables\n\nEste problema afecta a:\n\n- Apache Artemis desde 2.50.0 hasta 2.51.0\n\n- Apache ActiveMQ Artemis desde 2.11.0 hasta 2.44.0.\n\nSe recomienda a los usuarios actualizar a la versi\u00f3n 2.52.0 de Apache Artemis, que corrige el problema.\n\nEl problema puede mitigarse mediante cualquiera de las siguientes opciones:\n\n- Eliminar el soporte del protocolo Core de cualquier aceptor que reciba conexiones de fuentes no confiables. Las conexiones de protocolo Core entrantes son compatibles por defecto a trav\u00e9s del aceptor 'artemis' que escucha en el puerto 61616. Consulte el par\u00e1metro URL 'protocols' configurado para el aceptor. Una URL de aceptor sin este par\u00e1metro soporta todos los protocolos por defecto, incluyendo Core.\n\n- Usar SSL bidireccional (es decir, autenticaci\u00f3n basada en certificados) para forzar a cada cliente a presentar el certificado SSL adecuado al establecer una conexi\u00f3n antes de que se intente cualquier handshake de protocolo de mensajes. Esto evitar\u00e1 la explotaci\u00f3n no autenticada de esta vulnerabilidad."}], "lastModified": "2026-03-11T15:15:37.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BC62090-71FA-45A2-A519-B2C3B47D4262", "versionEndIncluding": "2.44.0", "versionStartIncluding": "2.11.0"}, {"criteria": "cpe:2.3:a:apache:artemis:2.50.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AF62B6D-CD60-43D0-9740-AC011CC1FBFF"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}