Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
13-Year-Old RCE Flaw Found in Apache ActiveMQ

13-Year-Old RCE Flaw Found in Apache ActiveMQ

Posted on April 8, 2026 By CWS

A critical remote code execution (RCE) vulnerability has been discovered in Apache ActiveMQ Classic, existing undetected for 13 years. The flaw, identified as CVE-2026-34197, can be combined with a prior vulnerability to bypass authentication, cybersecurity firm Horizon3.ai reports.

Apache ActiveMQ’s Role and Vulnerability

Apache ActiveMQ is a widely-used open-source messaging server that facilitates message handling and integration across various industries. The classic version, known as ActiveMQ Classic, serves as the original broker version. The latest vulnerability allows attackers to exploit management operations via the Jolokia API, leading the broker to execute operating system commands from a remote configuration file.

This security defect acts as a bypass for CVE-2022-41678, which enables attackers to deploy webshells on disk through specific JDK MBeans. A patch introduced a flag that permits all ActiveMQ MBeans operations to be triggered using Jolokia, with the RCE issue emerging in broker-to-broker bridge operations.

Exploitation Methodology

To exploit this bug, attackers would need to target ActiveMQ’s VM transport feature, designed to embed a broker within an application. This allows direct communication between the client and broker in the same JVM. If the VM transport URI points to a non-existent broker, ActiveMQ will create one and possibly load a configuration containing attacker-provided URLs.

By leveraging these elements, an attacker could coerce the broker into executing a Spring XML configuration file, thereby enabling remote code execution. The cybersecurity firm notes that in some cases, RCE can occur without authentication by exploiting CVE-2024-32114, which leaves the Jolokia API exposed to unauthenticated users in ActiveMQ 6.x versions.

Security Measures and Recommendations

CVE-2024-32114 pertains to a vulnerability where the /api/* path, encompassing the Jolokia endpoint, was mistakenly omitted from the security constraints of the web console. This oversight results in complete unauthenticated access on ActiveMQ versions 6.0.0 to 6.1.1.

The security flaw has been mitigated in ActiveMQ Classic versions 5.19.4 and 6.2.3. Users are strongly encouraged to update their systems promptly to safeguard against potential exploits.

In related cybersecurity developments, hackers are targeting vulnerabilities in Ninja Forms, posing risks to WordPress sites, and Anthropic has introduced the ‘Claude Mythos’ breakthrough, which has implications for cyber defense and attack strategies. Additionally, a critical vulnerability in Flowise and a severe flaw in Android’s StrongBox have recently been patched.

Security Week News Tags:ActiveMQ Classic, Apache ActiveMQ, CVE-2022-41678, CVE-2024-32114, CVE-2026-34197, Cybersecurity, Horizon3.ai, Jolokia API, middleware security, RCE vulnerability, software update

Post navigation

Previous Post: Amazon S3 Files Transforms Cloud Data Management
Next Post: Critical Docker Flaw Allows Unauthorized Host Access

Related Posts

Klue Supply Chain Breach Affects Cybersecurity Giants Klue Supply Chain Breach Affects Cybersecurity Giants Security Week News
Pro-Iranian Group Hacks FBI Director’s Account Pro-Iranian Group Hacks FBI Director’s Account Security Week News
NASA Needs Agency-Wide Cybersecurity Risk Assessment: GAO NASA Needs Agency-Wide Cybersecurity Risk Assessment: GAO Security Week News
MITRE Unveils Comprehensive Fraud Prevention Framework MITRE Unveils Comprehensive Fraud Prevention Framework Security Week News
The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce Security Week News
Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Microsoft’s AI Strategy Enhances Vulnerability Detection
  • Cloud Bucket Hijacking and Global Fraud: Key Cybersecurity Threats
  • AssuranceAmerica Data Breach Affects Millions’ Personal Data
  • npm 12 Enhances Security by Disabling Install Scripts
  • Maximizing Threat Intelligence for Effective SOC Operations

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Microsoft’s AI Strategy Enhances Vulnerability Detection
  • Cloud Bucket Hijacking and Global Fraud: Key Cybersecurity Threats
  • AssuranceAmerica Data Breach Affects Millions’ Personal Data
  • npm 12 Enhances Security by Disabling Install Scripts
  • Maximizing Threat Intelligence for Effective SOC Operations

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark