{"id":233353,"date":"2026-04-16T23:22:00","date_gmt":"2026-04-17T03:22:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/16\/apache-activemq-cve-2026-34197-added-to-cisa-kev-amid-active-exploitation\/"},"modified":"2026-04-20T10:45:08","modified_gmt":"2026-04-20T14:45:08","slug":"apache-activemq-cve-2026-34197-added-to-cisa-kev-amid-active-exploitation","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/16\/apache-activemq-cve-2026-34197-added-to-cisa-kev-amid-active-exploitation\/","title":{"rendered":"Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/apache-activemq-cve-2026-34197-added-to.html\">Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/apache-activemq-cve-2026-34197-added-to.html\">https:\/\/thehackernews.com\/2026\/04\/apache-activemq-cve-2026-34197-added-to.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-16 23:22:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Apr 17, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Enterprise Security<\/span><\/p>\n<p>A recently disclosed high-severity security flaw in Apache ActiveMQ\u00a0Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency\u00a0(CISA).<\/p>\n<p>To that end, the agency\u00a0has added the vulnerability, tracked\u00a0as <strong>CVE-2026-34197<\/strong> (CVSS score: 8.8), to its Known Exploited Vulnerabilities\u00a0(KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by April 30,\u00a02026.<\/p>\n<p>CVE-2026-34197\u00a0has been described as a case of improper input validation that could lead to code injection, effectively allowing an attacker to execute arbitrary code on susceptible installations. According\u00a0to Horizon3.ai&#8217;s Naveen Sunkavally, CVE-2026-34197 has\u00a0been\u00a0&#8220;hiding in plain\u00a0sight&#8221; for 13\u00a0years.\u00a0<\/p>\n<p>&#8220;An attacker can invoke a management operation\u00a0through ActiveMQ&#8217;s Jolokia API to trick the broker into fetching a remote configuration file and running arbitrary OS\u00a0commands,&#8221; Sunkavally\u00a0added.<\/p>\n<p>&#8220;The vulnerability requires credentials, but default credentials (admin:admin) are common in many environments. On some versions (6.0.0\u20136.1.1), no credentials are\u00a0required at\u00a0all due to another vulnerability, CVE-2024-32114, which inadvertently exposes the Jolokia API without authentication. In those versions, CVE-2026-34197 is effectively an unauthenticated\u00a0RCE.&#8221;<\/p>\n<p>The vulnerability impacts the following versions\u00a0&#8211;<\/p>\n<ul>\n<li>Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) before 5.19.4<\/li>\n<li>Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) 6.0.0\u00a0before 6.2.3<\/li>\n<li>Apache ActiveMQ (org.apache.activemq:activemq-all) before 5.19.4<\/li>\n<li>Apache ActiveMQ (org.apache.activemq:activemq-all) 6.0.0\u00a0before 6.2.3<\/li>\n<\/ul>\n<p>Users are\u00a0advised to upgrade to version 5.19.4\u00a0or 6.2.3, which addresses the issue. There\u00a0are currently no details on how CVE-2026-34197\u00a0is being\u00a0exploited in the\u00a0wild, but\u00a0SAFE Security, in a report published this week, revealed that&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/apache-activemq-cve-2026-34197-added-to.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation https:\/\/thehackernews.com\/2026\/04\/apache-activemq-cve-2026-34197-added-to.html Publish Date: 2026-04-16 23:22:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":233354,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiKAY7CueGuHevAtV544WN7RTKISrobQLFpjfi4kjdzP1I2BA3rnll69dv1kfvHYSCcU5tQISA0OOgcQVibKrl4o0AvtUyM9crfZuSb1XFH03iLtPglZeHn1e6S8urWxf_4CEH9-tCZdT9BBrvXOFygCxjO_AUmUXnzm4d37Q80fPw3lEn6Hb0_LWlP9XM5\/s1600\/apachemq.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,27],"class_list":["post-233353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233353"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=233353"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233353\/revisions"}],"predecessor-version":[{"id":233355,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233353\/revisions\/233355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/233354"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=233353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=233353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=233353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}