https://feed.craftedsignal.io/tags/message-injection/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 05 Mar 2026 09:31:38 +0000https://feed.craftedsignal.io/briefs/2026-03-apache-artemis-auth-bypass/Thu, 05 Mar 2026 09:31:38 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-apache-artemis-auth-bypass/CVE-2026-27446 allows an unauthenticated remote attacker to inject malicious messages or exfiltrate data from Apache Artemis and ActiveMQ Artemis brokers due to a missing authentication check in the Core protocol.<p>On March 5, 2026, the Centre for Cybersecurity Belgium (CCB) issued a warning regarding CVE-2026-27446, a critical authentication bypass vulnerability affecting Apache Artemis and Apache ActiveMQ Artemis. This vulnerability stems from a lack of proper authentication controls within the Core protocol used for communication between brokers. Successful exploitation allows unauthenticated remote attackers to force a target broker to establish an outbound Core federation connection to a rogue broker…</p> criticaladvisoryapache-artemisapache-activemqauthentication-bypassmessage-injectiondata-exfiltration