Authorization Flaw in Apache ActiveMQ Artemis Affects Multiple Versions
CVE-2026-32642

2.3LOW

Key Information:

Vendor: Apache
Status: Apache Artemis; Apache ActiveMQ Artemis
Vendor: CVE Published:; 24 March 2026

What is CVE-2026-32642?

An incorrect authorization vulnerability exists in Apache Artemis and Apache ActiveMQ Artemis when an authenticated user with the 'createDurableQueue' permission attempts to create a non-durable JMS topic subscription on a non-existent address. If address auto-creation is disabled, the subscription creation should fail, but owing to this flaw, a temporary address may still be created. This vulnerability affects specific versions of the products, prompting users to upgrade to version 2.53.0 to remediate the issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache ActiveMQ Artemis 2.0.0 <= 2.44.0

Apache Artemis 2.50.0 <= 2.52.0

References

https://lists.apache.org/thread/4wlrp31ngq2yb54sf4kjb3bl4...

vendor-advisory

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Mar 12, 2026

Credit

Stephen Higgs <shiggs@redhat.com>

JSON

Apache

What is CVE-2026-32642?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.