VYPR
patch · Published Apr 8, 2026 · Updated May 18, 2026 · 1 source

CVE-2026-34197: Apache ActiveMQ Classic RCE Bug Discovered by AI After 13 Years Undetected

A remote code execution vulnerability in Apache ActiveMQ Classic, discovered with the help of Anthropic's Claude AI, went undetected for 13 years and is now patched.

Security researchers have uncovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that remained hidden for 13 years. The flaw, tracked as CVE-2026-34197, was discovered by Horizon3.ai chief architect Naveen Sunkavally with significant assistance from Anthropic's Claude AI. The vulnerability allows an attacker to invoke management operations through ActiveMQ's Jolokia API, tricking the broker into fetching a remote configuration file and ultimately executing arbitrary OS commands.

CVE-2026-34197 requires credentials to exploit, but default credentials (admin:admin) are common in many environments. On versions 6.0.0 through 6.1.1, another vulnerability (CVE-2024-32114) exposes the Jolokia API without authentication, making CVE-2026-34197 effectively an unauthenticated RCE on those versions. This chain of weaknesses makes the bug particularly dangerous for organizations that have not changed default credentials or updated their ActiveMQ installations.

The vulnerability is patched in ActiveMQ Classic versions 5.19.4 and 6.2.3. Users are strongly advised to update immediately and ensure no default credentials are in use. Organizations concerned about potential compromise should check ActiveMQ broker logs for network connector activity referencing vm:// URIs with brokerConfig=xbean:http. Other indicators of compromise include POST requests to /api/jolokia/ containing addNetworkConnector in the request body, outbound HTTP requests from the ActiveMQ broker process to unexpected hosts, and unexpected child processes spawned by the ActiveMQ Java process.
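To make the version guidance and the indicators of compromise above concrete, here is an added triage script (example code written for this article, not Horizon3.ai's or the Apache project's own tooling). It encodes only the facts the article states: fixes in 5.19.4 and 6.2.3, the unauthenticated-Jolokia range 6.0.0 through 6.1.1 (CVE-2024-32114), and the two log-based indicators. The record shapes, the sample broker log lines, the sample request records and the IP addresses are constructed for the demonstration; treating any 5.x or 6.x build below its fixed version as unpatched, and any other line as "unknown", is an assumption of this example rather than a statement from the advisory.

```python
"""Triage helpers for CVE-2026-34197 (Apache ActiveMQ Classic).

Added example; not from the article, Horizon3.ai or Apache.
Facts from the article: fixed in 5.19.4 and 6.2.3; CVE-2024-32114 exposes
Jolokia without authentication on 6.0.0 through 6.1.1; indicators are
vm:// URIs carrying brokerConfig=xbean:http in broker logs, and POSTs to
/api/jolokia/ whose body mentions addNetworkConnector.
"""
from __future__ import annotations

import re

# Fixed versions per major line, from the article.
FIXED = {5: (5, 19, 4), 6: (6, 2, 3)}
# Versions on which CVE-2024-32114 removes the credential requirement, from the article.
JOLOKIA_UNAUTH = ((6, 0, 0), (6, 1, 1))


def parse_version(text: str) -> tuple[int, ...]:
    """'5.18.3' -> (5, 18, 3); tolerates a trailing qualifier such as '-SNAPSHOT'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised ActiveMQ version: {text!r}")
    return tuple(int(x) for x in m.groups())


def triage_version(text: str) -> dict:
    """Classify a broker version against the fixed releases named in the article."""
    v = parse_version(text)
    fixed = FIXED.get(v[0])
    if fixed is None:
        # Assumption: only 5.x and 6.x are handled here; other lines need the advisory.
        return {"version": text, "status": "unknown", "unauth_jolokia": False}
    status = "patched" if v >= fixed else "unpatched"
    unauth = JOLOKIA_UNAUTH[0] <= v <= JOLOKIA_UNAUTH[1]
    return {"version": text, "status": status, "unauth_jolokia": unauth}


def priority(tri: dict, default_creds: bool) -> str:
    """Rank remediation: unpatched plus unauthenticated Jolokia or default creds is worst."""
    if tri["status"] != "unpatched":
        return "review" if tri["status"] == "unknown" else "none"
    if tri["unauth_jolokia"] or default_creds:
        return "critical"
    return "high"  # credentials still required, but patch promptly


# Indicator 1: broker log lines with a vm:// network connector URI carrying brokerConfig=xbean:http.
BROKER_LOG_IOC = re.compile(r"vm://[^\s\"']*brokerConfig=xbean:http", re.IGNORECASE)


def scan_broker_log(lines: list[str]) -> list[str]:
    """Return broker log lines that match the vm:// + brokerConfig=xbean:http indicator."""
    return [ln for ln in lines if BROKER_LOG_IOC.search(ln)]


# Indicator 2: POST to /api/jolokia/ whose request body contains addNetworkConnector.
def scan_jolokia_requests(requests: list[dict]) -> list[dict]:
    """Return request records (constructed shape: method, path, body, src) that match."""
    return [
        r for r in requests
        if r.get("method", "").upper() == "POST"
        and r.get("path", "").startswith("/api/jolokia")
        and "addNetworkConnector" in r.get("body", "")
    ]


# Constructed sample data (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_BROKER_LOG = [
    "2026-04-08 10:14:59,000 | INFO | Apache ActiveMQ 5.18.3 (localhost) is starting | BrokerService",
    "2026-04-08 10:15:02,113 | INFO | Establishing network connection from "
    "vm://localhost?brokerConfig=xbean:http://203.0.113.10/config.xml | DiscoveryNetworkConnector",
    "2026-04-08 10:15:07,410 | INFO | Connector openwire started | TransportConnector",
]
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5", "method": "GET", "path": "/api/jolokia/version", "body": ""},
    {"src": "198.51.100.7", "method": "POST", "path": "/api/jolokia/",
     "body": '{"type":"exec","operation":"addNetworkConnector"}'},
    {"src": "10.0.0.9", "method": "POST", "path": "/admin/queues.jsp", "body": "JMSDestination=test"},
]

if __name__ == "__main__":
    tri = triage_version("5.18.3")
    print(tri, "->", priority(tri, default_creds=True))
    for hit in scan_broker_log(SAMPLE_BROKER_LOG):
        print("broker log IOC:", hit)
    for hit in scan_jolokia_requests(SAMPLE_REQUESTS):
        print("jolokia IOC from", hit["src"], hit["path"])
```

Feed `scan_broker_log` the broker's activemq.log and `scan_jolokia_requests` whatever your reverse proxy or request-logging layer captures; the request-body check only works if bodies are actually logged, which is itself a useful gap to close. A match on either indicator is a reason to review outbound HTTP from the broker process and its child processes, the remaining indicators the article lists.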

The discovery of CVE-2026-34197 was largely driven by AI. Sunkavally explained that the finding was "80% Claude and 20% gift-wrapping by a human." He noted that he uses Claude to take a first pass at source code for vulnerability hunting, prompting it lightly and setting up a target on the network for it to validate findings. While Claude often finds interesting issues that don't rise to the level of a CVE, in this case it performed exceptionally well with just a couple of basic prompts.

The flaw had remained hidden for 13 years partly because it involved multiple components developed independently over that time. In isolation, each feature looked fine, but they became dangerous when chained together. Sunkavally highlighted that this is exactly where Claude shone – efficiently stitching together this path end to end with a clear head free of assumptions. Something that would have probably taken him a week manually took Claude 10 minutes.

This discovery underscores the growing role of AI in vulnerability research. Sunkavally urged appsec engineers and developers to use tools like Claude in their work, claiming that anyone with a security background can take advantage. The finding also highlights the risks of long-standing, multi-component vulnerabilities that can be overlooked by traditional manual analysis.

Organizations running Apache ActiveMQ Classic should prioritize patching and credential hardening. The combination of default credentials and the potential for unauthenticated exploitation on certain versions makes this a high-priority issue. The availability of detailed indicators of compromise should help organizations detect any past exploitation attempts.

Synthesized by Vypr AI