Vulnerability Advisory
CVE-2026-34197
A 13-year-old remote code execution flaw in Apache ActiveMQ Classic (CVE-2026-34197, CVSS 8.8) can chain with CVE-2024-32114 to achieve unauthenticated RCE. Plus: Phorpiex botnet returns, $17.7B cybercrime losses, AI-driven DDoS, and 18 more critical threats from this week's cybersecurity roundup.
Severity
high
CVSS Score
8.4 / 10
Fix Status
Patch available
Exploitation
Actively exploited
Published
Apr 11, 2026
Affected Products
- Apache ActiveMQ Classic 5.x through 5.19.3
- Apache ActiveMQ Classic 6.0.0 through 6.2.2
Key Facts
- CVE-2026-34197 is a CVSS 8.8 remote code execution flaw in Apache ActiveMQ Classic that has lurked undetected for 13 years — it allows attackers to invoke management operations via the Jolokia API and execute OS commands remotely.
- When chained with CVE-2024-32114, which exposes the Jolokia API without authentication on versions 6.0.0–6.1.1, the combined exploit becomes a zero-credential full RCE — no username or password required at all.
- The Phorpiex botnet has returned with a hybrid P2P+HTTP architecture hitting 125,000 devices daily, distributing ransomware, crypto clippers, and sextortion spam with worm-like self-propagation across removable and network drives.
- Cybercrime cost victims over $17.7 billion in 2025 alone — a 26% jump from 2024 — with cryptocurrency investment fraud, business email compromise, and AI-assisted DDoS emerging as the dominant attack vectors this week.
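To turn the affected ranges in the first two key facts into a patch-priority list, the following added example (not part of the original advisory or of any Apache tooling) triages broker versions against them. It assumes "5.x" means 5.0.0 and later; the host names and versions in the sample inventory are constructed.

```python
import re

# Inclusive ranges as listed in this advisory. Assumption: "5.x" starts at 5.0.0.
CVE_2026_34197_RANGES = [((5, 0, 0), (5, 19, 3)), ((6, 0, 0), (6, 2, 2))]
# Versions where CVE-2024-32114 leaves the Jolokia API unauthenticated.
CVE_2024_32114_RANGE = ((6, 0, 0), (6, 1, 1))

PRIORITY = {"unauthenticated-chain": 0, "affected": 1, "not-listed": 2}


def parse_version(text):
    """Extract (major, minor, patch) from '5.18.3' or 'apache-activemq-6.1.0'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def in_range(version, bounds):
    low, high = bounds
    return low <= version <= high


def triage(version_text):
    """Classify one broker version against the advisory's ranges."""
    v = parse_version(version_text)
    rce = any(in_range(v, r) for r in CVE_2026_34197_RANGES)
    if rce and in_range(v, CVE_2024_32114_RANGE):
        return "unauthenticated-chain"  # both CVEs apply: no credentials needed
    if rce:
        return "affected"  # CVE-2026-34197 only
    return "not-listed"  # outside the ranges this advisory lists


def triage_inventory(inventory):
    """Return (host, version, status) tuples, most urgent first."""
    rows = [(host, ver, triage(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (PRIORITY[r[2]], r[0]))


# Constructed sample inventory (hypothetical hosts).
SAMPLE = {
    "mq-legacy": "5.18.3",
    "mq-edge": "apache-activemq-6.1.0",
    "mq-core": "6.2.2",
    "mq-new": "6.2.3",
}

if __name__ == "__main__":
    for host, ver, status in triage_inventory(SAMPLE):
        print(f"{host:10} {ver:24} {status}")
```

A "not-listed" result only means the version falls outside the ranges given here; confirm the fixed release against the vendor advisory before closing the ticket.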
Full Analysis
CVE-2026-34197: 13-Year-Old Apache ActiveMQ RCE Flaw Chains with Auth Bypass — Plus 20 More Threats This Week