Java

vulnerabilities 2026-04-16
CISA Adds Apache ActiveMQ CVE-2026-34197 to KEV as 13-Year-Old Jolokia RCE Sees Active Exploitation
CISA added CVE-2026-34197 to the KEV catalog today with an April 30 patch deadline. The 13-year-old Jolokia MBean flaw yields RCE on the broker JVM and is unauthenticated on ActiveMQ 6.0.0–6.1.1 when chained with CVE-2024-32114.
cve-2026-34197 apache-activemq jolokia rce cisa-kev java spring messaging

CISA Adds Apache ActiveMQ CVE-2026-34197 to KEV as 13-Year-Old Jolokia RCE Sees Active Exploitation