A critical remote code execution vulnerability that remained undetected for more than a decade in Apache ActiveMQ Classic has been identified with the assistance of artificial intelligence, drawing attention to how quickly modern tools can surface complex security flaws. Researchers from Horizon3.ai revealed that the issue was uncovered and turned into a working exploit chain within minutes using Claude, an AI model developed by Anthropic. The discovery highlights how legacy software components can carry long-standing risks that only become visible when analyzed through newer methods.
The vulnerability, now tracked as CVE-2026-34197, affects multiple versions of ActiveMQ Classic, including releases prior to 5.19.4 and several versions in the 6.x series. It carries a high severity rating with a CVSS score of 8.8. According to the researchers, the flaw originates from the way different components within ActiveMQ interact, particularly within its management plane. While each component functioned as intended individually, their combined behavior created a pathway that allowed attackers to execute arbitrary code remotely. The issue is tied to the Jolokia API, which is exposed by ActiveMQ at a specific endpoint and enables authenticated users to manage broker operations through HTTP requests.
By exploiting this interface, attackers can misuse certain methods to pass crafted inputs that direct the system to load external configuration files. Specifically, the flaw allows a malicious brokerConfig parameter to point to a remote Spring XML file controlled by an attacker. Once processed, this file can execute Java code within the broker environment, effectively granting full remote control over the system. Although authentication is required in most cases, researchers noted that default credentials such as admin and admin are still widely used in real-world deployments. In addition, some versions of ActiveMQ 6.x contain another vulnerability that can expose the Jolokia API without requiring authentication, making exploitation significantly easier in those scenarios.
The speed at which the exploit was developed has become a key point of discussion. The researcher leading the effort explained that a task that would typically take several days of manual analysis was completed in about ten minutes with the help of AI. This rapid identification underscores how AI systems can analyze relationships between components and detect weaknesses that might otherwise remain hidden in complex codebases. ActiveMQ has previously experienced multiple security issues linked to its administrative features, including deserialization flaws and protocol-level vulnerabilities, but this instance stands out due to the method of discovery.
The vulnerability has since been addressed in updated versions of ActiveMQ Classic, including releases 5.19.4 and 6.2.3. Users are advised to upgrade to these patched versions to mitigate the risk. The case also reflects broader concerns within the cybersecurity community regarding the dual-use nature of AI tools, which can assist defenders in identifying weaknesses but may also lower the barrier for attackers to develop exploits more efficiently.
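As an added example (not code from Horizon3.ai, Apache, or the original article), the following defender-side audit checks a broker for the two conditions described above: a release older than the fixed versions and the admin/admin default login. It assumes the web console users are stored in a Jetty realm file in the `username: password, role` format, and it treats every 6.x build below 6.2.3 as needing the upgrade because the article does not list the affected 6.x versions.

```python
import re

# Fixed releases named in the article. Applying the 6.2.3 floor to every 6.x
# build is a conservative assumption; the article does not enumerate them.
FIXED = {5: (5, 19, 4), 6: (6, 2, 3)}
DEFAULT_PAIRS = {("admin", "admin")}  # default credentials cited in the article

def parse_version(text):
    """Return (major, minor, patch) from strings like '5.18.3' or '6.1.0-SNAPSHOT'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def needs_upgrade(version):
    """True when the version is below the fixed release for its major line."""
    v = parse_version(version)
    # Majors without their own entry are compared against 5.19.4, so anything
    # older than 5.x is flagged and newer majors are treated as out of scope.
    return v < FIXED.get(v[0], FIXED[5])

def default_credential_users(realm_text):
    """Return users whose plaintext password matches a known default pair."""
    hits = []
    for raw in realm_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, rest = line.split(":", 1)
        password = rest.split(",", 1)[0].strip()  # obfuscated values never match
        if (user.strip(), password) in DEFAULT_PAIRS:
            hits.append(user.strip())
    return hits

def audit(version, realm_text):
    findings = []
    if needs_upgrade(version):
        findings.append(f"version {version} predates the fixed releases 5.19.4 / 6.2.3")
    for user in default_credential_users(realm_text):
        findings.append(f"web console user '{user}' still uses the default password")
    return findings

# Constructed sample realm file, not taken from any real deployment.
SAMPLE_REALM = """\
# username: password [,rolename ...]
admin: admin, admin
ops: OBF:1v2j1uum1xtv, admin
"""

if __name__ == "__main__":
    for finding in audit("5.18.3", SAMPLE_REALM):
        print("FINDING:", finding)
```

A clean result only covers these two conditions; passwords stored in obfuscated or hashed form are not evaluated and need a separate review.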