RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years
"Tracked as CVE-2026-34197, the newly identified bug allows attackers to invoke management operations through the Jolokia API and entice the broker to retrieve a remote configuration file and execute OS commands."
"By chaining the two mechanisms, an attacker could trick the broker into retrieving and running a Spring XML configuration file that 'instantiates all bean definitions, resulting in remote code execution.'"
"The bug's exploitation, however, also requires targeting ActiveMQ's VM transport feature, which was designed for embedding a broker inside an application."
A remote code execution vulnerability in Apache ActiveMQ Classic, tracked as CVE-2026-34197, allows attackers to invoke management operations via the Jolokia API. The vulnerability can be chained with CVE-2022-41678, enabling attackers to write webshells to disk. Exploitation requires targeting ActiveMQ's VM transport feature, which facilitates direct communication between the client and broker. By manipulating the broker into loading an attacker-supplied configuration file, an attacker can achieve remote code execution, in some cases without authentication through CVE-2024-32114.
Read at SecurityWeek
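
A defender-side check for the pattern summarized above, as an added example that is not from SecurityWeek or the ActiveMQ project: it scans captured Jolokia POST bodies for exec requests whose arguments combine a vm:// transport URI with a remote URL. It assumes a proxy or WAF records request bodies; the sample bodies, the operation name and the URI parameter are constructed placeholders.

```python
import json
import re

VM_URI = re.compile(r"\bvm://", re.I)                 # embedded-broker transport scheme
REMOTE_URL = re.compile(r"\b(?:https?|ftp)://", re.I)  # config fetched from elsewhere

def _strings(value):
    """Yield every string nested anywhere inside a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for item in value.values():
            yield from _strings(item)
    elif isinstance(value, list):
        for item in value:
            yield from _strings(item)

def suspicious_jolokia_calls(body):
    """Return exec requests in one Jolokia POST body whose arguments combine a
    vm:// URI with a remote URL. Unparseable bodies yield an empty list."""
    try:
        decoded = json.loads(body)
    except (TypeError, ValueError):
        return []
    # Jolokia accepts a single request object or a JSON array (bulk request).
    requests = decoded if isinstance(decoded, list) else [decoded]
    hits = []
    for req in requests:
        if not isinstance(req, dict) or str(req.get("type", "")).lower() != "exec":
            continue
        text = " ".join(_strings(req.get("arguments", [])))
        if VM_URI.search(text) and REMOTE_URL.search(text):
            hits.append((req.get("mbean"), req.get("operation")))
    return hits

# Constructed sample bodies; the operation name and URI parameter are placeholders.
BROKER = "org.apache.activemq:type=Broker,brokerName=localhost"
READ = {"type": "read", "mbean": BROKER, "attribute": "TotalMessageCount"}
LOCAL_EXEC = {"type": "exec", "mbean": "java.lang:type=Memory", "operation": "gc"}
REMOTE_EXEC = {"type": "exec", "mbean": BROKER, "operation": "EXAMPLE_OPERATION",
               "arguments": ["vm://example?param=https://files.example.invalid/a.xml"]}
SAMPLE_BODIES = [json.dumps(READ), json.dumps(LOCAL_EXEC),
                 json.dumps([READ, REMOTE_EXEC]), "not json"]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(suspicious_jolokia_calls(body))
```

A hit is a triage signal, not proof of compromise; review it alongside who was allowed to reach the Jolokia endpoint at that time.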