cve 2026 27446

CVE-2026-27446 is a high-severity authentication vulnerability in Apache ActiveMQ Artemis that affects Siemens Opcenter RDnL installations worldwide. Republished by CISA on May 14, 2026, following Siemens ProductCERT's advisory on May 12, the flaw allows an unauthenticated attacker on an adjacent network to force the message broker into federating with a rogue broker. This can lead to message injection and disruption in industrial environments. Siemens recommends updating Apache Artemis to version 2.52.0 or later and hardening network configurations to mitigate the risk. The vulnerability is not a remote-code-execution issue but poses significant operational risks for industrial operators relying on the affected message broker.