{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/message-injection/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["apache-artemis","apache-activemq","authentication-bypass","message-injection","data-exfiltration"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 5, 2026, the Centre for Cybersecurity Belgium (CCB) issued a warning regarding CVE-2026-27446, a critical authentication bypass vulnerability affecting Apache Artemis and Apache ActiveMQ Artemis. This vulnerability stems from a lack of proper authentication controls within the Core protocol used for communication between brokers. Successful exploitation allows unauthenticated remote attackers to force a target broker to establish an outbound Core federation connection to a rogue broker…\u003c/p\u003e\n","date_modified":"2026-03-05T09:31:38Z","date_published":"2026-03-05T09:31:38Z","id":"/briefs/2026-03-apache-artemis-auth-bypass/","summary":"CVE-2026-27446 allows an unauthenticated remote attacker to inject malicious messages or exfiltrate data from Apache Artemis and ActiveMQ Artemis brokers due to a missing authentication check in the Core protocol.","title":"Apache Artemis and ActiveMQ Artemis Authentication Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-apache-artemis-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Message-Injection","version":"https://jsonfeed.org/version/1.1"}