
【Vulnerability Alert】Apache ActiveMQ Classic Contains a High-Risk Security Vulnerability (CVE-2026-34197). Please Verify and Apply Patches as Soon as Possible.

Publish date: 2026-04-24
Update date: 2026-04-24

Source: Ministry of education information & communication security contingency platform


Publication Number: TACERT-ANA-2026042208041010
Publication Time: 2026/04/22 08:32
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026/04/22 08:32
Impact Level: Medium
[Subject]
【Vulnerability Alert】Apache ActiveMQ Classic Contains a High-Risk Security Vulnerability (CVE-2026-34197). Please Verify and Apply Patches as Soon as Possible.
[Content]
Forwarded from the National Institute of Cyber Security NISAC-200-202604-00000011

Researchers have identified improper input validation and code injection vulnerabilities in Apache ActiveMQ Classic (CVE-2026-34197). Because the Jolokia JMX-HTTP interface exposed by the Web Console allows specific operations and lacks input validation, an authenticated remote attacker may supply malicious parameters and thereby execute arbitrary code. This vulnerability has already been exploited by attackers. Please verify and apply the necessary patches as soon as possible.


(Information Sharing Level: WHITE (Information content can be publicly disclosed))
[Affected Platform]
Apache ActiveMQ Broker versions earlier than 5.19.4
Apache ActiveMQ Broker versions from 6.0.0 up to, but not including, 6.2.3
Apache ActiveMQ versions earlier than 5.19.4
Apache ActiveMQ versions from 6.0.0 up to, but not including, 6.2.3
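As an added example (not part of the original advisory and not Apache's own tooling), the following Python script triages an inventory of ActiveMQ version strings against the affected ranges listed above. The inventory lines and host names are constructed, and the function names are hypothetical.

```python
import re

# Boundaries taken from the advisory's [Affected Platform] list.
FIXED_5X = (5, 19, 4)   # releases earlier than this are affected
FIRST_6X = (6, 0, 0)    # start of the affected 6.x range
FIXED_6X = (6, 2, 3)    # 6.x releases earlier than this are affected

# Constructed sample inventory: "<host> <artifact or version string>".
SAMPLE_INVENTORY = """\
mq-lab-01 activemq-broker-5.18.3.jar
mq-lab-02 activemq-broker-5.19.4.jar
mq-lab-03 apache-activemq-6.1.7
mq-lab-04 apache-activemq-6.2.3
mq-lab-05 activemq (version not recorded)
"""


def parse_version(text):
    """Extract (major, minor, patch) from a version string or file name."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        return None
    return tuple(int(part or 0) for part in m.groups())


def classify(text):
    """Return 'affected', 'not affected' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # no dotted version found: check the host by hand
    if version < FIXED_5X or FIRST_6X <= version < FIXED_6X:
        return "affected"
    return "not affected"


def triage(inventory):
    """Map each host in the inventory to its classification."""
    results = {}
    for line in inventory.splitlines():
        host, _, artifact = line.strip().partition(" ")
        if host:
            results[host] = classify(artifact)
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A pre-release build that carries a fixed version number (for example a -SNAPSHOT of 6.2.3) is reported as not affected by this check and should be verified by hand.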
[Recommended Actions]
The official vendor has released a security update to address this vulnerability. Please refer to the official instructions for updating at the following URL: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
[Reference]
1. https://nvd.nist.gov/vuln/detail/CVE-2026-34197
2. https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center