Vulnerability | Bleeping Computer
9.8 CRITICAL

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

📅 28 April 2026 at 09:32 UTC | 📰 Bleeping Computer

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. [...]

🤖 AI Briefing: Auto-generated threat analysis
🔍Threat Overview

A high-severity code injection vulnerability in Apache ActiveMQ has been actively exploited. Over 6,400 servers worldwide are impacted, most of the vulnerable ones being in Asia, North America, and Europe.

⚙️Technical Details
CVEs
CVE-2026-34197, CVE-2016-3088, CVE-2023-46604
Affected Systems
Apache ActiveMQ Classic
Attack Vectors
NETWORK
💥Impact Assessment
Severity: CRITICAL
Who Is at Risk
Federal Civilian Executive Branch (FCEB) agencies and organizations running Apache ActiveMQ
🛡️Recommended Actions
1. Apply mitigations per vendor instructions
2. Follow applicable BOD 22-01 guidance for cloud services
3. Discontinue use of the product if mitigations are unavailable
📦Affected Products
Apache Activemq, Apache Activemq Broker, Apache Activemq Legacy Openwire Module, Debian Debian Linux, Netapp E-Series Santricity Unified Manager, Netapp E-Series Santricity Web Services Proxy, Netapp Santricity Storage Plugin
🔐NVD Verified Data (VERIFIED)
CVE-2026-34197: CVSS 8.8 HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-20, CWE-94
Affected Products (CPE)
Apache Activemq, Apache Activemq Broker
CVE-2023-46604: CVSS 9.8 CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-502
Affected Products (CPE)
Apache Activemq, Apache Activemq Legacy Openwire Module, Debian Debian Linux, Netapp E-Series Santricity Unified Manager, Netapp E-Series Santricity Web Services Proxy


This is a curated summary. The complete article is available at Bleeping Computer.
