AI accelerated discovery: ActiveMQ has been here before. The platform has a track record of high-impact vulnerabilities tied to management surfaces and unsafe assumptions around trusted inputs. From older web console flaws to deserialization bugs and protocol-level RCEs, administrative functionalities have consistently become attack vectors.But none of the previous flaws were found the way CVE-2026-34197 was. The bug sat there for 13 years, with the first rollout of the affected implementation dating back to around 2012, before Claude could map out a multi-step exploit chain.The discovery is already teasing the much-buzzed successor to Claude’s flaw-catching capabilities, Claude Mythos. A vulnerability scanner and exploit generator so dangerous in the wrong hands that it has been restricted under early preview to a handful of companies, with big names of the AI and cybersecurity community coming together under “Project Glasswing” to encourage its controlled usage.CVE-2026-34197 has been addressed in newer ActiveMQ Classic releases (6.2.3 and 5.19.4), and users must upgrade to patched versions to be protected.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4157146/claude-uncovers-a-13%e2%80%91year%e2%80%91old-activemq-rce-bug-within-minutes.html
