CVE-2026-4649 in Business Hub
Summary
by MITRE • 03/24/2026
Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new messages (CVE-2026-27446, https://www.cve.org/CVERecord). Since KNIME Business Hub uses Apache Artemis, it is also affected by the issue. However, since Apache Artemis is not exposed to the outside, exploitation requires at least normal user privileges and the ability to execute workflows in an executor. Such a user can install and register a federated mirror without authentication to the original Apache Artemis instance and thereby read all internal messages and inject new messages.
The issue affects all versions of KNIME Business Hub. A fixed version of Apache Artemis is shipped with versions 1.18.0, 1.17.4, and 1.16.3.
We recommend updating to a fixed version as soon as possible since no workaround is known.
Analysis
by VulDB Data Team • 03/28/2026
The vulnerability described in CVE-2026-4649 is a critical authentication bypass flaw in the Apache Artemis messaging broker that impacts KNIME Business Hub deployments. The weakness stems from insufficient authentication controls that permit unauthorized access to message flows within the broker infrastructure. It affects Apache Artemis versions prior to 2.52.0 and has been classified under CWE-287, which covers improper authentication in software systems. The flaw creates a pathway for malicious actors to gain access to internal messaging communications and manipulate message exchanges within the system.
The vulnerability allows an attacker with normal user privileges to bypass authentication by installing and registering a federated mirror without proper authentication to the original Apache Artemis instance. This lets the unauthorized user read all internal messages exchanged through the broker and inject new messages into the system. The attack requires the ability to execute workflows within an executor environment, which provides a legitimate execution context for the malicious operations. This is a privilege escalation scenario in which normal user access is leveraged, through the messaging infrastructure, to obtain elevated system access.
The operational impact of this vulnerability extends beyond the immediate messaging system to affect the broader KNIME Business Hub environment. Since Apache Artemis is not exposed to external networks but operates internally, the attack requires an insider threat or compromised user account with workflow execution capabilities. However, the consequences remain severe as the attacker can access all internal communications, potentially exposing sensitive data flowing through the messaging system. The ability to inject new messages creates additional risks including data manipulation, system integrity compromise, and potential denial of service conditions. This vulnerability directly impacts the security posture of organizations using KNIME Business Hub as it undermines the confidentiality and integrity of internal messaging communications.
Organizations using KNIME Business Hub must prioritize immediate remediation of this vulnerability since no effective workaround exists for the authentication bypass. The affected versions include all KNIME Business Hub releases that incorporate vulnerable Apache Artemis components; fixed versions are available in releases 1.18.0, 1.17.4, and 1.16.3. Remediation should involve comprehensive updates across all KNIME Business Hub deployments to ensure consistent protection against this threat. Security teams should implement network segmentation and access controls to minimize the potential impact of compromised user accounts while awaiting full deployment of patched versions. This vulnerability aligns with ATT&CK technique T1566, which covers credential harvesting and privilege escalation through system access manipulation, emphasizing the need for robust user access controls and monitoring of workflow execution activities within the business hub environment.
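The Summary and the Analysis both name three fixed KNIME Business Hub releases on three separate branches (1.16.3, 1.17.4, 1.18.0) and a fixed Apache Artemis release (2.52.0), which makes "is this deployment affected?" a branch-aware comparison rather than a single greater-than check. The following Python is an added example (not VulDB, KNIME or Apache code) that encodes exactly the version numbers given on this page and runs them over a constructed inventory. It assumes that every KNIME Business Hub branch newer than 1.18 also ships the fixed broker, that branches older than 1.16 have no fix, and that version strings are dotted integers with an optional `-` or `+` qualifier; the inventory entries are invented sample data.

```python
"""Branch-aware fixed-version check for the KNIME Business Hub / Apache Artemis
authentication bypass described on this page (CVE-2026-4649).
Added example; fixed-version numbers are taken from the advisory text."""
from typing import Dict, List, Tuple

# Fixed KNIME Business Hub release per branch, as stated in the advisory.
KNIME_FIXED: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (1, 16): (1, 16, 3),
    (1, 17): (1, 17, 4),
    (1, 18): (1, 18, 0),
}
NEWEST_FIXED_BRANCH = (1, 18)   # assumption: later branches carry the fix forward
ARTEMIS_FIXED = (2, 52, 0)      # Apache Artemis fixed release from the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.17.4' -> (1, 17, 4); a trailing '-rc1' / '+build' qualifier is dropped."""
    core = text.strip().split("-")[0].split("+")[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def pad(version: Tuple[int, ...], width: int = 3) -> Tuple[int, ...]:
    """Right-pad with zeros so '2.52' compares equal to '2.52.0'."""
    return tuple(version) + (0,) * max(0, width - len(version))


def artemis_is_fixed(version: str) -> bool:
    """True when the broker itself is at or above the fixed release."""
    return pad(parse_version(version)) >= ARTEMIS_FIXED


def knime_hub_is_fixed(version: str) -> bool:
    """True when a KNIME Business Hub release contains the fixed broker."""
    v = pad(parse_version(version))
    branch = v[:2]
    if branch in KNIME_FIXED:
        # Same branch: compare against that branch's fix release.
        return v >= KNIME_FIXED[branch]
    # No fix listed for older branches -> affected (advisory: all versions affected).
    # Branches newer than the newest listed fix are assumed to ship the fix.
    return branch > NEWEST_FIXED_BRANCH


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Label each (host, hub_version) pair as 'fixed' or 'AFFECTED'."""
    return [
        (host, ver, "fixed" if knime_hub_is_fixed(ver) else "AFFECTED")
        for host, ver in inventory
    ]


# Constructed sample inventory (hostnames and versions are invented).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("hub-prod", "1.17.2"),
    ("hub-staging", "1.18.0"),
    ("hub-legacy", "1.15.9"),
    ("hub-dev", "1.16.3-rc1"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12s} {ver:12s} {status}")
```

The check is deliberately per-branch: a 1.17.x deployment is only safe at 1.17.4 or later, even though 1.16.3 is a numerically smaller fixed release, and a 1.15.x deployment has no fixed release at all on this page and must move to a supported branch.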