Vulnerability intelligence
CVE-2026-34197
Apache ActiveMQ Improper Input Validation Vulnerability
Apache ActiveMQ
Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
CVSS Score
8.8
High
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Not in CISA KEV
Used in ransomware campaigns
Remediation
unknown
Check vendor advisories
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
2 articles across 2 outlets · first covered Apr 8, 2026 · latest Apr 8, 2026
Coverage timeline
-
RCE Bug Lurked in Apache ActiveMQ Classic for 13 Yearswww.securityweek.com · Apr 8, 2026
-
AI powered tool finds decade old Apache ActiveMQ Classic RCE flawwww.infosecurity-magazine.com · Apr 8, 2026