Exposures › CVE-2026-34197
Apache ActiveMQ exploited a code injection vulnerability (CVE-2026-34197) allowing remote code execution.
Apache ActiveMQ contained an improper input validation flaw enabling code injection, which was actively exploited in the wild as of July 2026. DIB organizations must patch immediately to prevent unauthorized access to messaging systems and potential data exfiltration, as this represents a critical supply-chain risk for systems relying on ActiveMQ.
Shame score — ActiveMQ shipped with a known, actively exploited code injection vulnerability that was not patched in a timely manner, exposing critical messaging infrastructure to ransomware and data theft.
Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
No correlated FedRAMP products.