UBUNTU-CVE-2026-32642

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-32642

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-32642.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-32642

Upstream

CVE-2026-32642

Published

2026-03-24T08:16:00Z

Modified

2026-04-02T21:19:47.894633Z

Severity

2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue" permission but does not have the "createAddress" permission and address auto-creation is disabled. In this circumstance, a temporary address will be created whereas the attempt to create the non-durable subscription should instead fail since the user is not authorized to create the corresponding address. When the OpenWire connection is closed the address is removed. This issue affects Apache Artemis: from 2.50.0 through 2.52.0; Apache ActiveMQ Artemis: from 2.0.0 through 2.44.0. Users are recommended to upgrade to version 2.53.0, which fixes the issue.

References

Affected packages

Ubuntu:16.04:LTS

artemis

Package

Name: artemis
Purl: pkg:deb/ubuntu/artemis@16.0.0+dfsg-4?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

16.*

16.0.0+dfsg-1

16.0.0+dfsg-2

16.0.0+dfsg-3

16.0.0+dfsg-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "artemis",
            "binary_version": "16.0.0+dfsg-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-32642.json"

Ubuntu:18.04:LTS

artemis

Package

Name: artemis
Purl: pkg:deb/ubuntu/artemis@16.0.17+dfsg-3?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

16.*

16.0.17+dfsg-2

16.0.17+dfsg-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "artemis",
            "binary_version": "16.0.17+dfsg-3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-32642.json"

Ubuntu:20.04:LTS

artemis

Package

Name: artemis
Purl: pkg:deb/ubuntu/artemis@17.0.1+dfsg-2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

17.*

17.0.1+dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "artemis",
            "binary_version": "17.0.1+dfsg-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-32642.json"

Ubuntu:22.04:LTS

artemis

Package

Name: artemis
Purl: pkg:deb/ubuntu/artemis@18.1.0+dfsg-6?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

18.*

18.1.0+dfsg-3

18.1.0+dfsg-6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "artemis",
            "binary_version": "18.1.0+dfsg-6"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-32642.json"

Ubuntu:24.04:LTS

artemis

Package

Name: artemis
Purl: pkg:deb/ubuntu/artemis@18.2.0+dfsg-3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

18.*

18.2.0+dfsg-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "artemis",
            "binary_version": "18.2.0+dfsg-3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-32642.json"

Ubuntu:25.10

artemis

Package

Name: artemis
Purl: pkg:deb/ubuntu/artemis@18.2.0+dfsg-4?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

18.*

18.2.0+dfsg-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "artemis",
            "binary_version": "18.2.0+dfsg-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-32642.json"