Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

The Hacker News by The Hacker News
April 17, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananApr 17, 2026Vulnerability / Enterprise Security

A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

To that end, the agency has added the vulnerability, tracked as CVE-2026-34197 (CVSS score: 8.8), to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by April 30, 2026.

CVE-2026-34197 has been described as a case of improper input validation that could lead to code injection, effectively allowing an attacker to execute arbitrary code on susceptible installations. According to Horizon3.ai’s Naveen Sunkavally, CVE-2026-34197 has been “hiding in plain sight” for 13 years. 

“An attacker can invoke a management operation through ActiveMQ’s Jolokia API to trick the broker into fetching a remote configuration file and running arbitrary OS commands,” Sunkavally added.

“The vulnerability requires credentials, but default credentials (admin:admin) are common in many environments. On some versions (6.0.0–6.1.1), no credentials are required at all due to another vulnerability, CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication. In those versions, CVE-2026-34197 is effectively an unauthenticated RCE.”

The vulnerability impacts the following versions –

  • Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) before 5.19.4
  • Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) 6.0.0 before 6.2.3
  • Apache ActiveMQ (org.apache.activemq:activemq-all) before 5.19.4
  • Apache ActiveMQ (org.apache.activemq:activemq-all) 6.0.0 before 6.2.3

Users are advised to upgrade to version 5.19.4 or 6.2.3, which addresses the issue. There are currently no details on how CVE-2026-34197 is being exploited in the wild, but SAFE Security, in a report published this week, revealed that threat actors are actively targeting exposed Jolokia management endpoints in Apache ActiveMQ Classic deployments.

The findings once again demonstrate that exploitation timelines continue to collapse as attackers pounce upon newly disclosed vulnerabilities at an alarmingly faster rate and breach systems before they can be patched.

Apache ActiveMQ is a popular target for attack, with flaws in the open-source message broker repeatedly exploited in various malware campaigns since 2021. In August 2025, a critical vulnerability in ActiveMQ (CVE-2023-46604, CVSS score: 10.0) was weaponized by unknown actors to drop a Linux malware called DripDropper.

“Given ActiveMQ’s role in enterprise messaging and data pipelines, exposed management interfaces present a high-impact risk, potentially enabling data exfiltration, service disruption, or lateral movement,” SAFE Security said. “Organizations should audit all deployments for externally accessible Jolokia endpoints, restrict access to trusted networks, enforce strong authentication, and disable Jolokia where it is not required.”



Source link

The Hacker News

The Hacker News

Next Post
Welcome to agentic AI. Welcome to per-agent licensing | Computer Weekly

Welcome to agentic AI. Welcome to per-agent licensing | Computer Weekly

Recommended.

TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks

TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks

September 17, 2025
CVE volumes head towards 50,000 in 2025, analysts claim | Computer Weekly

CVE volumes head towards 50,000 in 2025, analysts claim | Computer Weekly

February 28, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Anaconda Extends AI-Native Application Development With Acquisition

Anaconda Extends AI-Native Application Development With Acquisition

May 1, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026
AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

January 30, 2026
Elon Musk Is Rolling xAI Into SpaceX—Creating the World’s Most Valuable Private Company

Elon Musk Is Rolling xAI Into SpaceX—Creating the World’s Most Valuable Private Company

February 3, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio