Sonstige Informationen und Dienstleistungen der Regierung: www.belgium.be Centre for Cybersecurity Belgium

Warning: High severity vulnerability in Apache ActiveMQ, Patch Immediately!

Image
Decorative image
Veröffentlicht : 13/04/2026
  • Last update: 17/04/2026
  • Affected software:
    → Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) before 5.19.4
    → Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) 6.0.0 before 6.2.3
    → Apache ActiveMQ (org.apache.activemq:activemq-all) before 5.19.4
    → Apache ActiveMQ (org.apache.activemq:activemq-all) 6.0.0 before 6.2.3
  • Type: Improper Input Validation and Code Injection
  • CVE/CVSS
    → CVE-2026-34197: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Sources

Vendor Advisory - https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt

Risks

A newly discovered vulnerability in Apache ActiveMQ allows attackers to remotely execute code, enabling them to manipulate and access sensitive information.

Apache ActiveMQ is an open-source, Java-based message broker that acts as middleware to enable reliable, asynchronous communication between distributed applications.

If exploited this could lead to data breaches, system compromise, and operational downtime impacting confidentiality, integrity, and availability of critical businesses.

UPDATE: This CVE has been added to CISA KEV list, which means it’s being actively exploited in the wild by threat actors. Please consider patching ASAP.

Description

The /api/jolokia/ endpoint is exposed in ActiveMQ Classic and allows exec operations on all ActiveMQ MBeans by default. When invoking these operations with a crafted discovery URI to trigger the loading of a remote Spring XML application context. Because all the singleton beans get instantiated before the configuration is validated, Bean factory methods can execute arbitrary code before they are checked. Now the attacker can do anything they want on the system.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-34197
CISA - <https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34197 >