Critical RCE Vulnerabilities Discovered in Apache ActiveMQ Management Interfaces

Critical RCE Vulnerabilities Discovered in Apache ActiveMQ Management Interfaces

First seen 1 Jun 2026, 19:26 UTC Nvd.NistCyfirmacve.org 83% similarity 72.0

Article Content

Browse articles
ThreatCluster

CVE-2026-34197, a high-severity remote code execution vulnerability, affects Apache ActiveMQ Classic due to unsafe exposure of the Jolokia HTTP/JMX management interface. Attackers can exploit this flaw to execute arbitrary code by interacting with privileged broker operations. Additionally, CVE-2026-45505 and CVE-2026-49157 reveal further weaknesses in input validation and default permissions, respectively, allowing unauthorized access to management operations. These vulnerabilities impact versions of ActiveMQ prior to 5.19.7 and from 6.0.0 before 6.2.6. The vulnerabilities have been publicly disclosed, with the first proof of concept available shortly after CVE-2026-34197's publication. Given the critical role of ActiveMQ in enterprise environments, immediate remediation is essential to mitigate risks to application availability and operational continuity.

Key Points: • CVE-2026-34197 allows remote code execution via the Jolokia management interface. • CVE-2026-45505 and CVE-2026-49157 expose further vulnerabilities in ActiveMQ's security. • Immediate upgrades to versions 5.19.7 or 6.2.6 are recommended to mitigate risks.

ThreatCluster AI

Timeline

2026-04-07
CVE-2026-34197 published
A remote code execution vulnerability in Apache ActiveMQ due to Jolokia interface exposure was disclosed.
Cyfirma
2026-04-08
First public PoC for CVE-2026-34197
The first proof of concept demonstrating the exploit path for CVE-2026-34197 was released.
Cyfirma
2026-04-16
CVE-2026-34197 added to CISA KEV
CISA included CVE-2026-34197 in its Known Exploited Vulnerabilities catalog due to active exploitation.
Cyfirma
2026-06-01
CVE-2026-45505 and CVE-2026-49157 published
Two additional vulnerabilities in Apache ActiveMQ were disclosed, affecting versions before 5.19.7 and from 6.0.0 before 6.2.6.
Nvd.Nist
2026-06-01
Recommendations issued for ActiveMQ upgrades
Users are advised to upgrade to versions 5.19.7 or 6.2.6 to address the vulnerabilities.
Nvd.Nist

Community

Browse all →