13-Year-Old ActiveMQ Bug Found by Claude AI Enables RCE
CVE-2026-34197 exposes Apache ActiveMQ to remote code execution via the Jolokia API. Horizon3 researcher used Claude to uncover the flaw in under 10 minutes. Patch now.
A critical remote code execution vulnerability in Apache ActiveMQ sat undetected for over a decade until a security researcher used Anthropic's Claude AI to find it in under 10 minutes. CVE-2026-34197 allows attackers to execute arbitrary commands on affected message brokers through the Jolokia management API.
Apache patched the flaw on March 30, 2026, releasing fixed versions 5.19.4 and 6.2.3. Organizations running older versions should treat this as a high priority—ActiveMQ has been repeatedly targeted in real-world attacks, with two prior CVEs already on CISA's Known Exploited Vulnerabilities catalog.
TL;DR
- What happened: 13-year-old RCE vulnerability discovered in Apache ActiveMQ's Jolokia API
- Who's affected: ActiveMQ Classic before 5.19.4, versions 6.0.0 through 6.2.2
- Severity: CVSS 8.8 (High), but unauthenticated on versions 6.0.0-6.1.1
- Action required: Upgrade to ActiveMQ 5.19.4 or 6.2.3 immediately
How the Attack Works
The vulnerability exploits a chain of legitimate features in ActiveMQ's architecture. Horizon3's research details the attack mechanism:
- Jolokia API access: ActiveMQ's web management console (port 8161) exposes JMX operations via REST at
/api/jolokia/ - MBean operation abuse: Post-2023 security patches permit operations on ActiveMQ MBeans, including
addNetworkConnector() - VM transport with remote config: The
vm://transport can load Spring XML configurations from attacker-controlled URLs
An attacker calls addNetworkConnector() with a crafted URI containing a brokerConfig parameter pointing to a malicious Spring configuration file. When processed, ActiveMQ's VM transport layer creates an embedded broker that loads and executes the attacker's payload.
The attack requires authentication on most versions—but default credentials remain admin:admin in many deployments. Message broker infrastructure shares the same default credentials problem that plagues similar systems like Eclipse OpenMQ.
Unauthenticated RCE on Version 6.x
The severity escalates dramatically for ActiveMQ 6.0.0 through 6.1.1. These versions shipped with CVE-2024-32114, which exposes the Jolokia API without authentication. Combined with CVE-2026-34197, attackers can achieve unauthenticated remote code execution—no credentials required.
Organizations running 6.x branches should verify their version immediately. The jump from authenticated to unauthenticated exploitation changes this from a concerning vulnerability to a critical one.
AI-Assisted Vulnerability Discovery
Naveen Sunkavally, the Horizon3 researcher who found the flaw, described the discovery process as "80% Claude with 20% gift-wrapping by a human." Using Claude as a research assistant, he identified the vulnerable code path in under 10 minutes.
This marks another milestone for AI-assisted security research. The Apache Struts XXE vulnerability disclosed earlier this year was similarly found by Zast AI, an autonomous security research system. The pattern suggests AI tools are becoming standard equipment in vulnerability hunting.
The discovery is notable because it emerged from the interaction of multiple legitimate features rather than a single coding mistake—exactly the kind of complex interaction that traditional static analysis struggles to identify. As AI tools increasingly surface critical flaws like the CVSS 10.0 RCE in Flowise AI, expect more decade-old bugs to emerge from previously audited codebases.
Detection and Indicators
Organizations should monitor for:
- Suspicious broker connections: Internal VM transport protocol usage with
brokerConfig=xbean:http://parameters - Jolokia API abuse: POST requests to
/api/jolokia/containingaddNetworkConnectorin the body - Outbound HTTP connections: Unexpected outbound requests from the ActiveMQ process to retrieve remote configurations
Warning messages about configuration problems in broker logs may indicate payload execution has already occurred. By that point, the attacker's code has run.
Why This Matters
ActiveMQ has a troubled security history. CVE-2023-46604, a CVSS 10.0 deserialization flaw, was weaponized by ransomware gangs including LockBit within days of disclosure. Groups like Storm-1175 have shown how quickly threat actors weaponize high-value vulnerabilities—often within 24 hours. The prior ActiveMQ flaw remains actively exploited for cryptomining and initial access operations.
Message brokers occupy a privileged position in enterprise architectures. They handle inter-service communication, transaction queues, and event streams. Compromising the broker means compromising the trust layer between applications. Similar to the critical vulnerabilities in Apache Tika that threatened document processing pipelines, a flaw in core infrastructure components creates cascading risk.
Mitigation Steps
- Patch immediately: Upgrade to ActiveMQ Classic 5.19.4 or 6.2.3
- Restrict network access: Block external access to port 8161 (web console) and port 61616 (OpenWire protocol)
- Rotate credentials: Change default admin/admin credentials—this should have been done at installation
- Network segmentation: Isolate message broker infrastructure from general network access
- Monitor logs: Watch for the detection indicators described above
ActiveMQ Artemis is not affected by this vulnerability. Organizations considering a migration may find this a compelling reason to evaluate the newer broker.
The patch removes the ability for addNetworkConnector to register vm:// transports via the Jolokia API entirely—a surgical fix that eliminates the attack vector without breaking legitimate functionality.
Related Articles
Apache ActiveMQ RCE Added to CISA KEV After Exploit Surge
CVE-2026-34197 lets attackers execute arbitrary code via ActiveMQ's Jolokia API. CISA mandates federal patching by April 30 as exploitation peaks.
Apr 20, 2026Langflow Flaw Lets Anyone Execute Code on AI Workflow Servers
CVE-2026-10134 enables unauthenticated RCE in Langflow OSS through public flows. Attackers can run arbitrary Python on servers via the build endpoint.
Jul 7, 2026JetBrains Patches Critical Flaws Enabling IDE and Hub Takeover
JetBrains fixes CVSS 9.8 account takeover bug in Hub and multiple RCE vulnerabilities across IntelliJ, GoLand, and other IDEs. Update immediately.
Jul 7, 2026libssh2 Pre-Auth RCE (CVE-2026-55200) PoC Now Public
A critical memory corruption flaw in libssh2 lets malicious SSH servers execute code on connecting clients—no credentials needed. PoC dropped June 29.
Jun 30, 2026