What is the CVSS score of CVE-2026-34197?

CVE-2026-34197 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Java are affected by CVE-2026-34197?

Apache ActiveMQ Classic versions 5.19.5 and earlier, plus 6.0.0-6.2.2, contain a remote code execution vulnerability in Jolokia MBean operations that allows authenticated web console users to execute…. A patch is available.

Is there a public PoC exploit available for CVE-2026-34197?

Yes, a public proof-of-concept exploit is available for CVE-2026-34197. Prioritise patching immediately. EPSS: 0.1%.

Java CVE-2026-34197

EUVD-2026-19588 HIGH

Improper Input Validation (CWE-20)

2026-04-07 apache

GHSA-rxpj-7qvf-xv32

RCE Apache Java Red Hat

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 16, 2026 - 19:22 vuln.today

cvss_changed

Added to CISA KEV

Apr 16, 2026 - 18:02 CISA

PoC Detected

Apr 08, 2026 - 16:16 vuln.today

Public exploit code

EUVD ID Assigned

Apr 07, 2026 - 08:30 euvd

EUVD-2026-19588

Analysis Generated

Apr 07, 2026 - 08:30 vuln.today

CVE Published

Apr 07, 2026 - 07:50 nvd

HIGH 8.8

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

6 maven packages depend on org.apache.activemq:activemq-all (3 direct, 3 indirect)
21 maven packages depend on org.apache.activemq:activemq-broker (14 direct, 7 indirect)

Ecosystem-wide dependent count for version 6.0.0 and other introduced versions.

DescriptionNVD

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ.

Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String).

An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: .

Users are recommended to upgrade to version 5.19.5 or 6.2.3, which fixes the issue.

AnalysisAI

Remote code execution in Apache ActiveMQ Classic versions before 5.19.5 and 6.0.0-6.2.2 allows authenticated attackers to execute arbitrary code on the broker's JVM via Jolokia MBean operations. Attackers with low-privilege web console access can invoke BrokerService.addNetworkConnector() with a malicious discovery URI containing a VM transport brokerConfig parameter that loads remote Spring XML contexts, triggering bean instantiation and code execution through factory methods like Runtime.exec(

RemediationAI

Within 24 hours: Identify and document all ActiveMQ Classic deployments, versions, and network exposure (particularly web console access). Within 7 days: Restrict web console access to trusted networks only via firewall or network segmentation; disable Jolokia MBean operations if not operationally required. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory