Vulnerability Management, Patch/Configuration Management

Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks

Ongoing attacks exploiting the high-severity Apache ActiveMQ code injection flaw, tracked as CVE-2026-34197, put 6,476 internet-exposed instances of the widely used open-source Java-based message broker around the world at risk of compromise, reports BleepingComputer.

Asia had the highest number of vulnerable Apache ActiveMQ servers, at nearly 3,000, followed by North America and Europe, according to findings from The Shadowserver Foundation. Attackers could leverage CVE-2026-34197, which stems from an improper input validation issue, to achieve arbitrary code execution, reported Horizon3 researcher Naveen Sunkavally, who used Claude AI to uncover the bug, which had gone undetected for over a decade.

The development comes as the Cybersecurity and Infrastructure Security Agency urged federal civilian executive branch agencies to remediate the security issue by Apr. 30, following its inclusion in the agency's Known Exploited Vulnerabilities catalog on Thursday. Horizon3 researchers have also advised organizations to monitor for suspicious broker connections that could indicate exploitation.
