{"id":627,"date":"2026-04-17T04:27:01","date_gmt":"2026-04-17T04:27:01","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=627"},"modified":"2026-04-17T04:27:01","modified_gmt":"2026-04-17T04:27:01","slug":"apache-activemq-cve-2026-34197-added-to-cisa-kev-amid-active-exploitation","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=627","title":{"rendered":"Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Apr 17, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Enterprise Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>A recently disclosed high-severity security flaw in Apache ActiveMQ\u00a0Classic has come under active exploitation in the wild, per the U.S. 
Cybersecurity and Infrastructure Security Agency\u00a0(CISA).<\/p>\n<p>To that end, the agency\u00a0has <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/04\/16\/cisa-adds-one-known-exploited-vulnerability-catalog\">added<\/a> the vulnerability, tracked\u00a0as <strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-34197\">CVE-2026-34197<\/a><\/strong> (CVSS score: 8.8), to its Known Exploited Vulnerabilities\u00a0(<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">KEV<\/a>) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by April 30,\u00a02026.<\/p>\n<p>CVE-2026-34197\u00a0has been described as a case of improper input validation that could lead to code injection, effectively allowing an attacker to execute arbitrary code on susceptible installations. According\u00a0to Horizon3.ai&#8217;s Naveen Sunkavally, CVE-2026-34197 has\u00a0been\u00a0\u00abhiding in plain\u00a0sight\u00bb for 13\u00a0years.<\/p>\n<p>\u00abAn attacker can invoke a management operation\u00a0through ActiveMQ&#8217;s Jolokia API to trick the broker into fetching a remote configuration file and running arbitrary OS\u00a0commands,\u00bb Sunkavally\u00a0added.<\/p>\n<p>\u00abThe vulnerability requires credentials, but default credentials (admin:admin) are common in many environments. 
On some versions (6.0.0\u20136.1.1), no credentials are\u00a0required at\u00a0all due to another vulnerability, CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication. In those versions, CVE-2026-34197 is effectively an unauthenticated\u00a0RCE.\u00bb<\/p>\n<p>The vulnerability <a href=\"https:\/\/activemq.apache.org\/security-advisories.data\/CVE-2026-34197-announcement.txt\">impacts<\/a> the following versions\u00a0&#8211;<\/p>\n<ul>\n<li>Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) before 5.19.4<\/li>\n<li>Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) 6.0.0\u00a0before 6.2.3<\/li>\n<li>Apache ActiveMQ (org.apache.activemq:activemq-all) before 5.19.4<\/li>\n<li>Apache ActiveMQ (org.apache.activemq:activemq-all) 6.0.0\u00a0before 6.2.3<\/li>\n<\/ul>\n<p>Users are\u00a0advised to upgrade to version 5.19.4\u00a0or 6.2.3, which address the issue. There\u00a0are currently no details on how CVE-2026-34197\u00a0is being\u00a0exploited in the\u00a0wild, but\u00a0SAFE Security, in a report published this week, revealed that threat actors are actively targeting exposed Jolokia management endpoints in Apache ActiveMQ Classic deployments.<\/p>\n<p>The findings once again demonstrate that exploitation timelines continue to collapse as attackers pounce upon newly disclosed vulnerabilities at an alarmingly fast rate and breach systems\u00a0before they can be\u00a0patched.<\/p>\n<p>Apache ActiveMQ is\u00a0a popular\u00a0target\u00a0for attack,\u00a0with flaws in the open-source message\u00a0broker repeatedly\u00a0exploited in various malware campaigns since 2021. In\u00a0August 2025, a critical vulnerability in ActiveMQ (CVE-2023-46604, CVSS score:\u00a010.0) was weaponized by unknown actors to drop a Linux malware called DripDropper.<\/p>\n<p>\u00abGiven ActiveMQ\u2019s role in enterprise messaging and data pipelines, exposed management interfaces present a high-impact risk, potentially enabling data exfiltration, service disruption, or lateral\u00a0movement,\u00bb SAFE\u00a0Security <a href=\"https:\/\/safe.security\/resources\/blog\/threat-research\/most-dangerous-new-cves-april-15-2026\/\">said<\/a>.\u00a0\u00abOrganizations should audit all deployments for externally accessible Jolokia endpoints, restrict access to trusted networks, enforce strong authentication, and disable Jolokia where it is not\u00a0required.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ravie Lakshmanan | Apr 17, 2026 | Vulnerability \/ Enterprise Security. A recently disclosed high-severity security flaw in Apache ActiveMQ\u00a0Classic has come under active exploitation in the wild, per the U.S. 
Cybersecurity and Infrastructure&hellip;<\/p>\n","protected":false},"author":1,"featured_media":628,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[64,1268,498,1142,62,1269,65,203],"class_list":["post-627","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-active","tag-activemq","tag-added","tag-apache","tag-cisa","tag-cve202634197","tag-exploitation","tag-kev"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=627"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/627\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/628"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}