Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes
Summary
Claude, an AI assistant, discovered a critical remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in Apache ActiveMQ that had gone undetected for 13 years. The bug allows attackers to trick ActiveMQ's management API into loading a malicious file from the internet and executing arbitrary commands, especially if default login credentials are still in use. Claude identified the complete exploit chain in about 10 minutes, a task that would have taken a human researcher roughly a week.
Solution / Mitigation
CVE-2026-34197 has been addressed in newer ActiveMQ Classic releases (version 6.2.3 and 5.19.4). Users must upgrade to these patched versions to be protected.
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4157146/claude-uncovers-a-13%e2%80%91year%e2%80%91old-activemq-rce-bug-within-minutes.html
First tracked: April 10, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 85%