Active ApacheMQ Bug CVE-2026-34197 Exploited in Wild

A serious security flaw in Apache ActiveMQ Classic, active since 2013, is now being weaponized by attackers according to CISA in April 2026. Consequently, federal agencies have until April 30 to patch their systems against this actively exploited vulnerability.

Tracked as CVE-2026-34197 (CVSS score: 8.8), the flaw is an improper input validation issue that enables code injection. According to Horizon3.ai’s Naveen Sunkavally, the bug has been “hiding in plain sight” for over a decade.

Attackers can invoke a management operation via the Jolokia API to fetch a remote configuration file and run arbitrary commands. The vulnerability requires credentials, but default ones are common and some versions require none at all due to a separate flaw, CVE-2024-32114.

The flaw impacts several versions of Apache ActiveMQ Broker and Apache ActiveMQ. However, users are advised to immediately upgrade to version 5.19.4 or 6.2.3 to address the critical issue.

SAFE Security research confirms threat actors are actively targeting exposed Jolokia endpoints in these deployments. This rapid exploitation highlights how quickly attackers move to breach systems before patches can be applied.

Apache ActiveMQ is a popular target, with a critical 2023 flaw (CVE-2023-46604) previously used to drop Linux malware. Therefore, organizations should audit their deployments and restrict access to sensitive management interfaces.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Netflix Stock Plummets 9% on Weak Forecast, Founder’s Exit
• Tether backs Drift’s $150M hack recovery, eyes Solana
• Record Bitcoin Miner Selloff in Tightening Q1 2026 Market
• Tether funds Drift hack victims in swap for USDT adoption
• Russia-linked crypto exchange Grinex shuts down after $13M hack