Every CVE whose affected-product data names Apache Artemis, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2026-27446 — CVSS 9.8 (critical): Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote…
CVE-2023-50780 — CVSS 8.8 (high): Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the…
CVE-2022-23913 — CVSS 7.5 (high): In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource…
CVE-2017-12174 — CVSS 7.5 (high): It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is…
CVE-2021-26117 — CVSS 7.5 (high): The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ…
CVE-2021-26118 — CVSS 7.5 (high): While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ…
CVE-2016-4978 — CVSS 7.2 (high): The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in…
CVE-2025-27391 — CVSS 6.5 (medium): Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are…
CVE-2020-13932 — CVSS 6.1 (medium): In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit…
CVE-2022-35278 — CVSS 6.1 (medium): In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web…
CVE-2020-10727 — CVSS 5.5 (medium): A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in…
CVE-2021-4040 — CVSS 5.3 (medium): A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM)…
CVE-2026-40914 — CVSS 4.3 (medium): A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the…
CVE-2025-27427 — CVSS 4.3 (medium): A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an…
CVE-2026-32642 — CVSS 4.3 (medium): Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire…