CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this ...

CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack

The US cybersecurity agency added the bug, tracked as CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) catalog on ...
The Hacker News

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

CVE-2026-34197 exploited in Apache ActiveMQ; CISA KEV listing sets April 30, 2026 patch deadline, increasing enterprise RCE ...
SecurityWeek

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

Organizations are warned that a recently patched vulnerability affecting Apache ActiveMQ Classic is being exploited in the ...

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone ...

Attackers are attacking Apache ActiveMQ Broker, Apache ActiveMQ

Admins should quickly install the versions of Apache ActiveMQ Broker and Apache ActiveMQ that are protected against currently ...
SecurityWeek

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years

RCE vulnerability in Apache ActiveMQ Classic that remained unnoticed for 13 years can be exploited via an Jolokia API.
Infosecurity Magazine

Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years

Horizon3.ai chief architect, Naveen Sunkavally, explained in a blog post, published on April 7, that remote code execution ...
Threat Post

Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors

With the malicious code embedded into websites, the attacker can then piggyback on the trust level of the website and launch a variety of attacks. Researchers have found a cross-site scripting (XSS) ...
CSOonline

Patched Apache ActiveMQ bug abused to drop Godzilla web shells

The attack methods being used to abuse the bug can successfully circumvent security measures, evading detection by security endpoints during scanning. A patched critical remote code execution (RCE) ...