Apache ActiveMQ Improper Input Validation Vulnerability
Apache — ActiveMQ
- Added to KEV catalog
- 16 April 2026
- Federal remediation due date
- 30 April 2026
- Weakness classification (CWE)
- CWE-20, CWE-94
CISA Description
Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197
More Apache Vulnerabilities
Apache HTTP Server Improper Escaping of Output Vulnerability
Apache Tomcat Path Equivalence Vulnerability
Apache OFBiz Forced Browsing Vulnerability
Apache HugeGraph-Server Improper Access Control Vulnerability
Apache OFBiz Incorrect Authorization Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services