CISA 2026-04-16

CISA Adds One Known Exploited Vulnerability to Catalog

CVE-2026-34197

Machine-generated analysis · WAYSCloud LLM

CVE-2026-34197 is an improper input validation issue in Apache ActiveMQ that is already seeing active exploitation.

Context

Apache ActiveMQ is an open-source message broker that supports multiple messaging protocols. The advisory states that CVE-2026-34197 is an improper input validation vulnerability being actively exploited. This addition to the KEV Catalog indicates that exploitation is occurring in the wild. The advisory does not specify the vector, impact, or affected versions.

Operator considerations

Check: Apache ActiveMQ instances in your environment for presence and version.

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-34197 Apache ActiveMQ Improper Input Validation Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly ur...

Read the full advisory on CISA →