Question 1

What is CVE-2021-26118 — CVE-2021-26118?

Accepted Answer

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

Question 2

What is the authoritative source for CVE-2021-26118?

Accepted Answer

CVE-2021-26118 (CVE-2021-26118) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	7.5 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS	4.01% probability of exploitation · percentile 89.2% · 2026-06-18T12:00:27Z
Last modified	2026-06-15

CVE-2021-26118CVE-2021-26118

Description

Scoring