CVE-2026-34197 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: April 7, 2026
Apache ActiveMQ - Remote Code Execution
Overview
Apache ActiveMQ Broker < 5.19.4 and 6.0.0 < 6.2.3 contains a remote code execution vulnerability caused by improper input validation in the Jolokia JMX-HTTP bridge. Authenticated attackers can load remote Spring XML application contexts and thereby execute arbitrary code on the broker JVM. Exploitation requires authentication.
Impact
Authenticated attackers can execute arbitrary code on the broker JVM, potentially leading to full system compromise.
Mitigation
Upgrade to version 5.19.5 or 6.2.3 or later.
Social Media Activity (2 posts)
CVE-2026-34197 - High (8.8) Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The d... https://www.thehackerwire.com/vulnerability/CVE-2026-34197/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-34197
- Severity: High
- CVSS Score: 8.8
- Type: command_injection
- Status: unconfirmed
- EPSS: 6.0%
- Social Posts: 2
CWE
- CWE-20
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H