Claude Finds 13-Year-Old 0-Day RCE Vulnerability in Apache ActiveMQ in 10 Minutes

There is a serious security flaw in Apache ActiveMQ Classic that has been around for ten years This article explores flaw apache activemq. . The Claude AI model from Anthropic found this flaw in less than 10 minutes and called it CVE-2026-34197.

The problem is caused by not properly checking input and injecting code. This problem started because of a fix for Apache. ActiveMQ versions 6.0.0 to 6.1.1 do not have authentication checks on the /api/* path, which means that companies that use these versions are open to a fully unauthenticated RCE path. All organizations that are affected should update their deployments right away and make sure that default credentials are not used on any of their ActiveMQ instances.

Versions 5.19.4 and 6.2.3 of ActiveMQClassic have fixed the problem. The fix takes away addNetworkConnector's ability to registervm:// transports through Jolokia.

Claude AI from Horizon3.ai found the weakness using a simple prompt and a live target for testing. The team let the AI follow the multi-part attack chain that went through Jolokia, JMX, network connectors, and VM transports in about ten minutes. Analysts said that a skilled human researcher would probably have needed a week to map this chain by hand.

Please see the Discover More section of our whitepaper for more information. It has information on how to find and fix security holes in your organization's IT infrastructure and security systems. If you have any questions about the ActiveMQ security stack or how to keep your data safe, please let us know.