COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-34197

CVE-2026-34197

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-16
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-34197
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wildunpatchedransomwaresupply-chain

Apache ActiveMQ exploited a code injection vulnerability (CVE-2026-34197) allowing remote code execution.

Apache ActiveMQ contained an improper input validation flaw enabling code injection, which was actively exploited in the wild as of July 2026. DIB organizations must patch immediately to prevent unauthorized access to messaging systems and potential data exfiltration, as this represents a critical supply-chain risk for systems relying on ActiveMQ.

Shame score — ActiveMQ shipped with a known, actively exploited code injection vulnerability that was not patched in a timely manner, exposing critical messaging infrastructure to ransomware and data theft.

Players implicated

apache · vendorActiveMQ · product

Description

Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.