Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-mw36-zpkb-3keh
Vulnerability ID VCID-mw36-zpkb-3keh
Aliases CVE-2021-4040
GHSA-gf8c-j759-86mg
Summary Broker: Malformed message can result in partial DoS (OOM)
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-400 Uncontrolled Resource Consumption
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4040.json
cvssv3.1 5.3 https://access.redhat.com/security/cve/CVE-2021-4040
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2021-4040
epss 0.04235 https://api.first.org/data/v1/epss?cve=CVE-2021-4040
cvssv3.1 5.3 https://bugzilla.redhat.com/show_bug.cgi?id=2028254
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2028254
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gf8c-j759-86mg
cvssv3.1 5.3 https://github.com/apache/activemq-artemis
generic_textual MODERATE https://github.com/apache/activemq-artemis
cvssv3.1 5.3 https://github.com/apache/activemq-artemis/pull/3862
generic_textual MODERATE https://github.com/apache/activemq-artemis/pull/3862
cvssv3.1 5.3 https://github.com/apache/activemq-artemis/pull/3871
generic_textual MODERATE https://github.com/apache/activemq-artemis/pull/3871
cvssv3.1 5.3 https://github.com/apache/activemq-artemis/pull/3871/commits
generic_textual MODERATE https://github.com/apache/activemq-artemis/pull/3871/commits
cvssv3.1 5.3 https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82
generic_textual MODERATE https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82
cvssv3.1 5.3 https://issues.apache.org/jira/browse/ARTEMIS-3593
generic_textual MODERATE https://issues.apache.org/jira/browse/ARTEMIS-3593
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4040
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-4040
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4040.json
https://access.redhat.com/security/cve/CVE-2021-4040
https://api.first.org/data/v1/epss?cve=CVE-2021-4040
https://github.com/apache/activemq-artemis
https://github.com/apache/activemq-artemis/pull/3862
https://github.com/apache/activemq-artemis/pull/3871
https://github.com/apache/activemq-artemis/pull/3871/commits
https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82
https://issues.apache.org/jira/browse/ARTEMIS-3593
https://nvd.nist.gov/vuln/detail/CVE-2021-4040
2028254 https://bugzilla.redhat.com/show_bug.cgi?id=2028254
GHSA-gf8c-j759-86mg https://github.com/advisories/GHSA-gf8c-j759-86mg
RHSA-2022:5101 https://access.redhat.com/errata/RHSA-2022:5101
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4040.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/security/cve/CVE-2021-4040
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2028254
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/activemq-artemis
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/activemq-artemis/pull/3862
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/activemq-artemis/pull/3871
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/activemq-artemis/pull/3871/commits
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://issues.apache.org/jira/browse/ARTEMIS-3593
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4040
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.8895
EPSS Score 0.04235
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:15:29.385337+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4040.json 38.6.0