RCE in Apache Software Foundation Activemq
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.835 (99.3th percentile) — read the EPSS interpretation.
Affected products
- Apache Software Foundation Activemq — versions 0, 6.0.0
- Apache Software Foundation Activemq All — versions 0, 6.0.0
- Apache Software Foundation Activemq Broker — versions 0, 6.0.0
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
- Catherines77/ActiveMQ-EXPtools
- dinosn/CVE-2026-34197
- DEVSECURITYSPRO/CVE-2026-34197
- KONDORDEVSECURITYCORP/CVE-2026-34197
- hnytgl/cve-2026-34197
- xshysjhq/CVE-2026-34197-payload-Apache-ActiveMQ-
- keraattin/CVE-2026-34197
- AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE
- 0xBlackash/CVE-2026-34197
- LAT-06/CVE-2026-34197
References
Frequently asked questions
- What is CVE-2026-34197?
- CVE-2026-34197 is a vulnerability in Apache Software Foundation Activemq, classified under Improper Input Validation. Published 2026-04-07.
- Is CVE-2026-34197 known to be exploited?
- Yes. CVE-2026-34197 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-04-16), indicating it is being actively exploited. 13 public proof-of-concept repositories are indexed.