Flaw in ActiveMQ Artemis OpenWire support (CVE-2021-26118) PRODUCT AFFECTED: This issue affects Apache ActiveMQ Artemis. PROBLEM: While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. This issue has been assigned CVE-2021-26118. This issue is being tracked as https://issues.apache.org/jira/browse/ARTEMIS-2964. WORKAROUND: Upgrade to Apache ActiveMQ Artemis 2.16.0 MODIFICATION HISTORY: : Initial Publication. RELATED LINKS: CVE-2021-26118 at cve.mitre.org ACKNOWLEDGEMENTS: Apache ActiveMQ would like to thank Francesco Marchioni (Red Hat) for reporting this issue.