Critical RCE Vulnerability Discovered in Apache ActiveMQ Classic
Severity: High (Score: 72.6)
Sources: Horizon3.ai
Summary
CVE-2026-34197 is a remote code execution vulnerability in Apache ActiveMQ Classic, affecting versions prior to 5.19.4 and 6.2.3. This vulnerability allows authenticated attackers to execute arbitrary code via the Jolokia API by supplying a crafted URI. In certain versions, due to CVE-2024-32114, the Jolokia API is exposed without authentication, enabling unauthenticated exploitation. The vulnerability has been present for 13 years, stemming from a combination of legitimate features rather than a single coding flaw. It is critical for organizations using ActiveMQ to prioritize patching to mitigate potential exploitation. The vulnerability was discovered by Horizon3.ai and is linked to previous vulnerabilities affecting ActiveMQ. The patch for CVE-2026-34197 has been released, addressing the exploit path. ActiveMQ is widely used in various sectors, including finance and healthcare, increasing the risk of significant impact if exploited.
Key Points:
- CVE-2026-34197 allows RCE via the Jolokia API in ActiveMQ Classic.
- Exploitation can occur with default or no credentials in certain versions.
- Organizations must patch to versions 5.19.4 or 6.2.3 to mitigate risks.
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2016-3088 (cve)
- CVE-2022-41678 (cve)
- CVE-2023-46604 (cve)
- CVE-2024-32114 (cve)
- CVE-2026-34197 (cve)
- horizon3.ai (domain)
- Financial (industry)
- Government (industry)
- Healthcare (industry)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- T1505.003 - Web Shell (mitre_attack)
- Apache ActiveMQ Classic (platform)
- Jetty Web Server (platform)
- Jolokia (tool)