"CVE-2026-34197 has been described as a case of improper input validation that could lead to code injection, effectively allowing an attacker to execute arbitrary code on susceptible installations."
"An attacker can invoke a management operation through ActiveMQ's Jolokia API to trick the broker into fetching a remote configuration file and running arbitrary OS commands."
"The vulnerability requires credentials, but default credentials (admin:admin) are common in many environments. On some versions, no credentials are required at all due to another vulnerability, CVE-2024-32114."
"Users are advised to upgrade to version 5.19.4 or 6.2.3, which addresses the issue. Threat actors are actively targeting exposed Jolokia management endpoints."
CVE-2026-34197 is a high-severity vulnerability in Apache ActiveMQ Classic, categorized as improper input validation leading to code injection. The U.S. Cybersecurity and Infrastructure Security Agency has added it to the Known Exploited Vulnerabilities catalog, mandating fixes by April 30, 2026. The flaw allows attackers to execute arbitrary code via the Jolokia API, often using default credentials. Affected versions include those before 5.19.4 and 6.2.3. Users are urged to upgrade to secure versions to mitigate risks from active exploitation targeting Jolokia management endpoints.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]