Security Advisory

Apache Product Security Update Advisory (CVE-2026-34197)

Apr 13 2026

Apache Product Security Update Advisory (CVE-2026-34197)

Summary.

A lack of input validation and code injection vulnerability (CVE-2026-34197) was reported in Apache ActiveMQ and Apache ActiveMQ Broker.

Affected Versions.

Apache ActiveMQ Broker: 5.19.4 and earlier and 6.0.0 and earlier and 6.2.3 and earlier.
Apache ActiveMQ: 5.19.4 and earlier and 6.0.0 and earlier than 6.2.3.

Vulnerability Description and Impact.

this is a vulnerability that could allow code injection due to lack of input validation.
code injection could potentially lead to arbitrary code execution or system behavior modification remotely.
the severity is categorized as Important, which could result in a significant security impact.

Response and Recommended Action.

patched versions are Apache ActiveMQ and Broker 5.19.4 and later and 6.2.3 and later.
affected environments should update to the patched versions.
it is recommended to determine the scope of vulnerability exposure and check relevant logs and access records.

References.

official security advisory: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt.

Previous Post

Apache Tomcat April Vulnerabilities Security Update Advisory

Next Post

Adobe Product Security Update Advisory (CVE-2026-34621)