Claude Identifies Critical 13-Year-Old RCE Vulnerability in Apache ActiveMQ
An AI assistant recently uncovered a critical remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that went unnoticed for 13 years.
Tracked as CVE-2026-34197, this flaw allows attackers to force the message broker to download a remote configuration file and execute arbitrary operating system commands.
While exploiting this typically requires administrator credentials, a separate flaw in specific versions makes it exploitable without any authentication.
Breaking Down the Exploit
ActiveMQ Classic includes a web-based management console that uses Jolokia, an interface exposing broker management operations as a REST API.
After a previous vulnerability in 2023, developers restricted Jolokia to read-only operations by default but allowed all operations on ActiveMQ’s own management beans (MBeans) to keep the console functional.
This blanket permission left a dangerous loophole. Attackers can call a specific operation named addNetworkConnector through the Jolokia API. Normally, developers use this feature to link brokers together for load balancing.

However, by supplying a crafted vm:// URI, an internal transport protocol meant for embedded testing, the broker attempts to create a new connection.
If the attacker points this URI to a malicious, remote Spring XML configuration file, the broker fetches and executes the file, granting the attacker full system control.

For example, an attacker simply sends a JSON payload to the Jolokia API containing a rogue xbean:http:// URL, instructing the server to run a malicious script upon connection.
Under normal circumstances, an attacker needs default credentials (such as admin:admin) to access the Jolokia endpoint.
However, organizations running ActiveMQ versions 6.0.0 through 6.1.1 face a much higher risk.
A separate vulnerability, CVE-2024-32114, accidentally removed security constraints from the API path.
In these specific versions, the Jolokia endpoint is completely exposed, turning CVE-2026-34197 into an unauthenticated RCE attack.
Security researcher Naveen Sunkavally discovered this flaw using the Claude AI model, demonstrating how large language models are transforming vulnerability hunting.
By prompting the AI to analyse the codebase for accessible endpoints and prior vulnerabilities, the model pieced together the complex interaction between Jolokia, JMX, and network connectors in just 10 minutes, a task that often takes human researchers weeks of manual review.
Securing ActiveMQ Deployments
Organizations using ActiveMQ must treat this as a high priority, given the software’s history of being targeted by ransomware groups and nation-state actors.
To protect your infrastructure:
- Update immediately to ActiveMQ Classic versions 5.19.4 or 6.2.3, which remove the dangerous
vm://transport capability from remote operations. - Change all default credentials, especially the standard
admin:admincombination. - Monitor broker logs for suspicious network connector activity, specifically looking for
vm://URIs combined withbrokerConfig=xbean:httpparameters. - Watch for unexpected POST requests to the
/api/jolokia/path containingaddNetworkConnectorin the body. - Set up alerts for unexpected outbound HTTP requests originating from the ActiveMQ broker process or unusual child processes spawning from the Java application.