Adds a new exploit module exploit/multi/http/apache_activemq_jolokia_rce targeting CVE-2026-34197 in Apache ActiveMQ. The module abuses the Jolokia JMX-over-HTTP API exposed at /api/jolokia/ by calling the addNetworkConnector() MBean operation with a crafted brokerConfig=xbean:http://... URI. ActiveMQ fetches the attacker-controlled URL and instantiates it as a Spring XML application context, achieving remote code execution via a java.lang.ProcessBuilder bean. Authentication is required to exploit this vulnerability.
| Vendor | Product | Versions |
|---|---|---|
| apache | activemq | 0, 6.0.0, 0, 6.0.0, 0, 6.0.0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| apache | activemq_broker | cve_cpe | 95% |
| maven | org.apache.activemq:activemq-broker | GHSA | 85% |
| maven | org.apache.activemq:activemq-all | GHSA | 85% |
Updated description with more technical details and added a new IOC for the exploit.
Updated description with new exploit details and changed severity to HIGH.
Updated severity to HIGH, added information about over 6,400 vulnerable IP addresses, and included new tag CISA KEV.
Updated severity to HIGH and added CVE-2024-32114 as a related vulnerability.
Updated severity to HIGH, added CWE-287, and included CVE-2024-32114 as a related vulnerability.
Added CISA KEV tag and confirmed CVSS score as 8.8.
Updated description with more technical details and added affected version 6.1.1.
Updated description with more technical details and added affected version 6.1.1.
Updated severity from NONE to HIGH and marked the vulnerability as actively exploited.
Updated description with new technical details, changed severity to HIGH, confirmed CVSS score of 8.8, added new CWE ID, marked as actively exploited, and included new IoCs and tags.
Updated description with new technical details, changed severity to HIGH, added new CWEs, and included new IoCs and MITRE ATT&CK technique T1203.
Initial creation
