Critical RCE Vulnerability CVE-2026-34197 Discovered in Apache ActiveMQ Classic
Severity: High (Score: 74.0)
Sources: Gbhackers, Horizon3.ai, Infosecurity-Magazine, Cybersecuritynews
Summary
A critical remote code execution (RCE) vulnerability, tracked as CVE-2026-34197, has been identified in Apache ActiveMQ Classic, affecting versions prior to 5.19.4 and 6.0.0 to 6.2.3. This flaw, which has remained undetected for 13 years, allows authenticated attackers to exploit the Jolokia API to execute arbitrary code by supplying a crafted URI. In certain versions, where another vulnerability (CVE-2024-32114) exposes the Jolokia API without authentication, this RCE can be executed without credentials. The vulnerability is particularly dangerous due to its potential for full host compromise once access to the web console is gained. Patches have been released in versions 5.19.4 and 6.2.3 to mitigate this risk. The discovery was made by Horizon3.ai, highlighting a significant security concern for organizations using ActiveMQ. ActiveMQ is widely used across various sectors, including finance and healthcare, making this vulnerability a high priority for remediation.
Key Points:
- CVE-2026-34197 allows RCE via the Jolokia API in Apache ActiveMQ Classic.
- Exploitation can occur without credentials in certain vulnerable versions.
- Patches are available in ActiveMQ versions 5.19.4 and 6.2.3.
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2016-3088 (cve)
- CVE-2022-41678 (cve)
- CVE-2023-46604 (cve)
- CVE-2024-32114 (cve)
- CVE-2026-34197 (cve)
- horizon3.ai (domain)
- Financial (industry)
- Government (industry)
- Healthcare (industry)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- T1505.003 - Web Shell (mitre_attack)
- Apache ActiveMQ Classic (platform)
- Jetty Web Server (platform)
- Jolokia (tool)