Multiple agencies warn of remote code execution vulnerabilities targeting message broker infrastructure.
CISA and CERT-Bund issued coordinated advisories this week on actively exploited Apache ActiveMQ vulnerabilities. Three separate disclosures flag remote code execution risks affecting message broker infrastructure, suggesting a broad attack campaign rather than isolated incidents.
CERT-Bund Warns of Critical Apache ActiveMQ Flaws
CERT-Bund published a security advisory on 07.04.2026 (updated 16.04.2026) identifying multiple vulnerabilities in Apache ActiveMQ affecting Client, Broker, and Web components. The vulnerabilities carry a CVSS Base Score of 8.8 (high) with confirmed remote attack capability. An authenticated remote attacker can exploit these flaws to manipulate files or execute arbitrary code on affected systems. Organizations running any affected version (prior to 5.19.3, 6.2.2, 5.19.4, or 6.2.3 depending on component) should immediately assess exposure and apply available mitigations.
CISA Adds Apache ActiveMQ CVE to KEV Catalog
CISA has added CVE-2026-34197, an Apache ActiveMQ improper input validation vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. Binding Operational Directive (BOD) 22-01 establishes the KEV Catalog as a living list of CVEs that carry significant risk to the federal enterprise and requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by specified due dates. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice.
CISA Adds Apache ActiveMQ Code Injection to KEV Catalog
CISA added CVE-2026-34197, an Apache ActiveMQ code injection vulnerability, to its Known Exploited Vulnerabilities catalog on April 16, 2026. The vulnerability, rated HIGH at CVSS 8.8 with active exploitation status, allows authenticated attackers to achieve arbitrary code execution through the Jolokia JMX-HTTP bridge. Affected versions include Apache ActiveMQ before 5.19.4 and from 6.0.0 before 6.2.3. Federal civilian agencies are required to remediate per BOD 22-01 remediation timelines.
Sources
CERT-Bund Warns of Critical Apache ActiveMQ Flaws
CISA Adds Apache ActiveMQ CVE to KEV Catalog
CISA Adds Apache ActiveMQ Code Injection to KEV Catalog
More from Data Privacy & Cybersecurity Browse all →
Adobe Acrobat Zero-Day Under Active Exploitation, Three Agencies Warn
CVE-2026-34621, a critical Adobe Acrobat vulnerability allowing arbitrary code execution, is under active exploitation according to advisories from CSA Singapore, CERT-FR, and CISA. The agencies added multiple Adobe CVEs to exploit catalogs, signaling a coordinated attack campaign targeting unpatched systems.
April 18, 2026
CISA Warns Critical ICS Flaws Expose SQL Credentials in Mitsubishi, ICONICS Products
Vulnerabilities in industrial control software used by water, energy, and manufacturing sectors could let hackers steal database passwords
April 13, 2026
Russian APT28 Hijacks Routers to Steal Government Passwords
UK intelligence exposes GRU unit 26165 using router DNS manipulation to harvest credentials at scale
April 12, 2026
Six Agencies Warn of Iranian Hackers Targeting US Industrial Controls
Joint advisory documents active exploitation of Rockwell PLCs across energy, water, and manufacturing sectors.
April 11, 2026
Get the briefing in your inbox
The top regulatory stories, delivered daily. No noise.
Free. Unsubscribe anytime.