Code Injection Vulnerability in Apache ActiveMQ Broker Up to Version 6.2.2
CVE-2026-34197
Key Information:
- Vendor: Apache
- CVE Published: 7 April 2026
What is CVE-2026-34197?
CVE-2026-34197 is a critical code injection vulnerability discovered in Apache ActiveMQ Broker versions up to 6.2.2. Apache ActiveMQ is a widely used open-source message broker that facilitates communication between applications in a distributed network. This vulnerability arises from improper input validation and control over code execution within the broker environment. Specifically, the Jolokia JMX-HTTP bridge, which is exposed on the web console, allows authenticated users to perform operations that can manipulate the broker's configuration. By crafting a malicious discovery URI, an attacker can exploit this vulnerability to execute arbitrary code on the JVM of the broker. This poses a significant threat, as it can lead to unauthorized access and data manipulation, and can potentially allow an attacker to take complete control of the affected system.
Potential impact of CVE-2026-34197
- Arbitrary Code Execution: The vulnerability enables authenticated attackers to execute arbitrary code on the server, which can lead to severe compromise of the system's integrity and confidentiality.
- Configuration Manipulation: Attackers can exploit the vulnerability to manipulate broker configurations, which may disrupt normal operations and lead to service downtime or data loss.
- Potential for Further Exploitation: Successful exploitation of this vulnerability can serve as a foothold for attackers to launch further attacks within the organization's network, leading to more extensive breaches and potential ransomware deployments.
CISA has reported CVE-2026-34197
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-34197 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Apache ActiveMQ 0 < 5.19.4
Apache ActiveMQ 6.0.0 < 6.2.3
Apache ActiveMQ All 0 < 5.19.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years.
13 hours ago
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
CVE-2026-34197 exploited in Apache ActiveMQ; CISA KEV listing sets April 30, 2026 patch deadline, increasing enterprise RCE risk.
19 hours ago
Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast - Help Net Security
Here's an overview of some of last week's most interesting news, articles, interviews and videos: Cloudflare moves up its post-quantum deadline as
5 days ago
EPSS Score
46% chance of being exploited in the next 30 days.
Timeline
- CISA Reported
- Vulnerability started trending
- Used in Ransomware
- Public PoC available
- Exploit known to exist
- First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved