
Apache ActiveMQ Classic CVE-2026-34197 patch release

Security Patch Release
Happening score: 50
2 unique sources, 2 articles

Summary


Apache ActiveMQ Classic patched CVE-2026-34197, a remote code execution flaw that lets an attacker abuse the Jolokia API to run OS commands. Users running the broker are advised to upgrade to 5.19.4 or 6.2.3 and ensure default credentials are not in use. On 6.0.0-6.1.1, related conditions can make the issue effectively unauthenticated RCE.

Related Happenings

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

cPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Progress Software security patch release for CVE-2026-4670

Security Patch Release
First: 04.05.2026 19:34 Last: 04.05.2026 19:34 Sources 1

About this happening: **Progress Software** has released **MOVEit Automation** updates to fix **CVE-2026-4670** and **CVE-2026-5174**, including a **critical authentication bypass** that could expose e...

LiteLLM security patch release for CVE-2026-42208

Security Patch Release
First: 29.04.2026 00:07 Last: 29.04.2026 00:07 Sources 1

About this happening: **LiteLLM version 1.83.7** ships a fix for **CVE-2026-42208**, closing a **critical SQL injection** path in the proxy API key verification flow. The release replaces **string conc...

CISA Apache ActiveMQ CVE-2026-34197 mitigation order

Advisory/Mitigation
First: 21.04.2026 14:17 Last: 21.04.2026 14:17 Sources 1

How related: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also warned on Thursday that this Apache ActiveMQ vulnerability is now actively exploited in attacks and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their servers by April 30.

About this happening: **CISA** ordered **FCEB agencies** to secure **Apache ActiveMQ** servers by **April 30** after **CVE-2026-34197** was confirmed **actively exploited**. The flaw can allow **arbitr...

Timeline

  1. 07.04.2026 03:00 (2 articles)

    Apache ActiveMQ Classic releases fixes for CVE-2026-34197

    Mitigation Patch Update

    Apache ActiveMQ Classic was patched in versions 5.19.4 and 6.2.3 for CVE-2026-34197, an RCE path in the Jolokia API that can let an attacker fetch a remote configuration file and execute arbitrary OS commands; operators are advised to upgrade and ensure default credentials such as admin:admin are not in use.
