CVE-2026-34197 – Apache ActiveMQ Broker
CVSS 8.8
IMPORTANT
“When a messaging broker is exposed, attackers can move from messages to full system control.”
Apache addressed CVE-2026-34197 in ActiveMQ Broker, a high-severity vulnerability that can allow remote code execution through improper handling of incoming messages or requests. This flaw impacts core messaging functionality and could enable attackers to execute arbitrary code, potentially compromising the broker and connected systems.
CVE-2026-34197 has a CVSS score of 8.8, which is High severity. There is no verified evidence of active exploitation or publicly available proof-of-concept code. The patch strengthens input validation and message handling to prevent unauthorized code execution and protect messaging infrastructure.
Key Details
- Affected Product
- Apache Activemq
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-20
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.