Attackers are targeting Apache ActiveMQ Broker and Apache ActiveMQ
Admins should quickly install the versions of Apache ActiveMQ Broker and Apache ActiveMQ that are protected against the ongoing attacks.
Unknown attackers are currently attacking the open-source message brokers Apache ActiveMQ Broker and Apache ActiveMQ and executing malicious code. Versions protected against these attacks are available for download.
Attacks with and without login
Security researchers from Horizon3 discovered the vulnerability (CVE-2026-34197, rated “high”). In a post, they explain that the vulnerability has been dormant in Apache ActiveMQ Classic for 13 years. According to their statements, they discovered the flaw with the help of the Claude LLM, among other things.
According to the description of the vulnerability, attackers target the Jolokia API to intercept configuration files and execute malicious code. However, an attacker must already be logged in to the system to do this. According to the researchers, attacks without authentication are possible if an attacker combines the current vulnerability with an older one (CVE-2024-32114, rated “high”). Administrators should therefore react quickly.
Protect systems from attacks
The US Cybersecurity & Infrastructure Security Agency (CISA) is now warning of ongoing attacks. The extent of the attacks and who specifically is being targeted are currently unknown. The security researchers explain the technical details of the vulnerability in their post, where further information on the older and the current vulnerability can also be found. They also point out parameters that allow administrators to identify instances that have already been successfully attacked.
In a warning message, the developers state that versions 5.19.4 and 6.2.3 of Apache ActiveMQ Broker and Apache ActiveMQ are protected against the ongoing attacks. All previous versions are vulnerable.
(des)