Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
13-Year-Old RCE Flaw Found in Apache ActiveMQ

13-Year-Old RCE Flaw Found in Apache ActiveMQ

Posted on April 8, 2026 By CWS

A critical remote code execution (RCE) vulnerability has been discovered in Apache ActiveMQ Classic, existing undetected for 13 years. The flaw, identified as CVE-2026-34197, can be combined with a prior vulnerability to bypass authentication, cybersecurity firm Horizon3.ai reports.

Apache ActiveMQ’s Role and Vulnerability

Apache ActiveMQ is a widely-used open-source messaging server that facilitates message handling and integration across various industries. The classic version, known as ActiveMQ Classic, serves as the original broker version. The latest vulnerability allows attackers to exploit management operations via the Jolokia API, leading the broker to execute operating system commands from a remote configuration file.

This security defect acts as a bypass for CVE-2022-41678, which enables attackers to deploy webshells on disk through specific JDK MBeans. A patch introduced a flag that permits all ActiveMQ MBeans operations to be triggered using Jolokia, with the RCE issue emerging in broker-to-broker bridge operations.

Exploitation Methodology

To exploit this bug, attackers would need to target ActiveMQ’s VM transport feature, designed to embed a broker within an application. This allows direct communication between the client and broker in the same JVM. If the VM transport URI points to a non-existent broker, ActiveMQ will create one and possibly load a configuration containing attacker-provided URLs.

By leveraging these elements, an attacker could coerce the broker into executing a Spring XML configuration file, thereby enabling remote code execution. The cybersecurity firm notes that in some cases, RCE can occur without authentication by exploiting CVE-2024-32114, which leaves the Jolokia API exposed to unauthenticated users in ActiveMQ 6.x versions.

Security Measures and Recommendations

CVE-2024-32114 pertains to a vulnerability where the /api/* path, encompassing the Jolokia endpoint, was mistakenly omitted from the security constraints of the web console. This oversight results in complete unauthenticated access on ActiveMQ versions 6.0.0 to 6.1.1.

The security flaw has been mitigated in ActiveMQ Classic versions 5.19.4 and 6.2.3. Users are strongly encouraged to update their systems promptly to safeguard against potential exploits.

In related cybersecurity developments, hackers are targeting vulnerabilities in Ninja Forms, posing risks to WordPress sites, and Anthropic has introduced the ‘Claude Mythos’ breakthrough, which has implications for cyber defense and attack strategies. Additionally, a critical vulnerability in Flowise and a severe flaw in Android’s StrongBox have recently been patched.

Security Week News Tags:ActiveMQ Classic, Apache ActiveMQ, CVE-2022-41678, CVE-2024-32114, CVE-2026-34197, Cybersecurity, Horizon3.ai, Jolokia API, middleware security, RCE vulnerability, software update

Post navigation

Previous Post: Amazon S3 Files Transforms Cloud Data Management
Next Post: Critical Docker Flaw Allows Unauthorized Host Access

Related Posts

Google’s B Wiz Acquisition Gets EU Nod Google’s $32B Wiz Acquisition Gets EU Nod Security Week News
Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack Security Week News
US Links Handala Hackers to Iranian Government US Links Handala Hackers to Iranian Government Security Week News
SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations Security Week News
NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data Security Week News
Critical HPE OneView Vulnerability Exploited in Attacks Critical HPE OneView Vulnerability Exploited in Attacks Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AssuranceAmerica Data Breach Affects Millions’ Personal Data
  • npm 12 Enhances Security by Disabling Install Scripts
  • Maximizing Threat Intelligence for Effective SOC Operations
  • Palo Alto Networks Fixes Critical Security Flaws
  • Windows Update Installs LG App with McAfee Ads

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AssuranceAmerica Data Breach Affects Millions’ Personal Data
  • npm 12 Enhances Security by Disabling Install Scripts
  • Maximizing Threat Intelligence for Effective SOC Operations
  • Palo Alto Networks Fixes Critical Security Flaws
  • Windows Update Installs LG App with McAfee Ads

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark