Description

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue" permission but does not have the "createAddress" permission and address auto-creation is disabled. In this circumstance, a temporary address will be created whereas the attempt to create the non-durable subscription should instead fail since the user is not authorized to create the corresponding address. When the OpenWire connection is closed the address is removed. This issue affects Apache Artemis: from 2.50.0 through 2.52.0; Apache ActiveMQ Artemis: from 2.0.0 through 2.44.0. Users are recommended to upgrade to version 2.53.0, which fixes the issue.

INFO

Published Date :

2026-03-24T07:53:44.644Z

Last Modified :

2026-03-24T14:13:23.718Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32642 vulnerability.

Vendors Products
Apache
  • Activemq Artemis
  • Artemis
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32642.

URL Resource
http://www.openwall.com/lists/oss-security/2026/03/20/2 cve-icon cve-icon
https://lists.apache.org/thread/4wlrp31ngq2yb54sf4kjb3bl41t4xgtp cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-32642 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-32642 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact