[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:cve-2026-34197-13-year-old-apache-activemq-rce-via-jolokia-api-surfaces-for-in-t-mo7if4th":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":13,"action_required":19,"article_ids":20,"ioc_summary":22,"source_urls":23,"status":25,"expires_at":26,"created_at":27,"updated_at":28,"articles":29},"78ab4c1e-4060-4d08-805a-e95175a2761c","CVE-2026-34197: 13-Year-Old Apache ActiveMQ RCE via Jolokia API Surfaces for In-the-Wild Attacks","cve-2026-34197-13-year-old-apache-activemq-rce-via-jolokia-api-surfaces-for-in-t-mo7if4th","Apache ActiveMQ Classic has a 13-year-old RCE vulnerability (CVE-2026-34197) in the Jolokia API that is actively exploited in the wild. Attackers chain vm:\u002F\u002F URIs with remote Spring XML configs to execute arbitrary code as the broker process. Any organization running ActiveMQ Classic without the April 30 patch deadline is at immediate risk.","critical","advisory",[12],"CVE-2026-34197",[14,15,16,17,18],"Apache ActiveMQ Classic","Jolokia API","Apache Software Foundation","Horizon3.ai","CISA","Identify all ActiveMQ Classic instances in your environment and patch to the latest version immediately. If patching is not possible by April 30, isolate affected systems or disable the Jolokia API endpoint.",[21],"ee7749f1-f7fe-4993-8019-a7c1522cf6ef",null,[24],"https:\u002F\u002Fdarkwebinformer.com\u002Fcve-2026-34197-13-year-old-apache-activemq-rce-via-jolokia-api-surfaces-for-in-the-wild-attacks\u002F","archived","2026-04-22T18:09:46.561+00:00","2026-04-20T18:09:48.658287+00:00","2026-04-25T14:09:53.96931+00:00",[30],{"id":21,"title":6,"url":24}]