{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"HIGH" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"[\"Severity: important \\n\\nAffected versions:\\n\\n- Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) before 5.19.4\\n- Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) 6.0.0 before 6.2.3\\n- Apache ActiveMQ (org.apache.activemq:activemq-all) before 5.19.4\\n- Apache ActiveMQ (org.apache.activemq:activemq-all) 6.0.0 before 6.2.3\\n\\nDescription:\\n\\nImproper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ \\nBroker, Apache ActiveMQ.\\n\\nApache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at\\xa0/api/jolokia/ on the web console. The default Jolokia \\naccess policy permits\\xa0exec operations on all ActiveMQ\\xa0MBeans (org.apache.activemq:*), including\\nBrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). \\n\\nAn authenticated attacker can\\xa0invoke these operations with a crafted discovery URI that triggers the VM\\xa0transport's \\nbrokerConfig parameter to load a remote Spring XML application\\xa0context using ResourceXmlApplicationContext. \\nBecause Spring's\\xa0ResourceXmlApplicationContext instantiates all singleton beans before the\\xa0BrokerService validates the \\nconfiguration, arbitrary code execution occurs\\xa0on the broker's JVM through bean factory methods such as Runtime.exec().\\nThis issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: .\\n\\nUsers are recommended to upgrade to version 5.19.5 or 6.2.3, which fixes the issue.\\n\\nCredit:\\n\\nNaveen Sunkavally (Horizon3.ai) (finder)\\n\\nReferences:\"]", "category":"general", "title":"Synopsis" } ], "publisher":null, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34197" }, { "summary":"CVE-2026-34197 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2026/csaf-openeuler-cve-2026-34197.json" }, { "summary":"openEuler-SA-2026-2127", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2127" }, { "summary":"CVE-2026-34197", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34197&packageName=activemq" } ], "title":"openEuler cve CVE-2026-34197", "tracking":{ "initial_release_date":"2026-05-06T10:48:34+08:00", "revision_history":[ { "date":"2026-05-06T10:48:34+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-05-06T10:48:34+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-05-06T10:48:34+08:00", "id":"CVE-2026-34197", "version":"1.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"activemq-5.19.6-1.oe2403sp3.src.rpm", "name":"activemq-5.19.6-1.oe2403sp3.src.rpm" }, "name":"activemq-5.19.6-1.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"activemq-5.19.6-1.oe2403sp3.noarch.rpm", "name":"activemq-5.19.6-1.oe2403sp3.noarch.rpm" }, "name":"activemq-5.19.6-1.oe2403sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"activemq-javadoc-5.19.6-1.oe2403sp3.noarch.rpm", "name":"activemq-javadoc-5.19.6-1.oe2403sp3.noarch.rpm" }, "name":"activemq-javadoc-5.19.6-1.oe2403sp3.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"activemq-5.19.6-1.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:activemq-5.19.6-1.oe2403sp3.src", "name":"activemq-5.19.6-1.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"activemq-5.19.6-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:activemq-5.19.6-1.oe2403sp3.noarch", "name":"activemq-5.19.6-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"activemq-javadoc-5.19.6-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:activemq-javadoc-5.19.6-1.oe2403sp3.noarch", "name":"activemq-javadoc-5.19.6-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-34197", "notes":[ { "text":"[\"Severity: important \\n\\nAffected versions:\\n\\n- Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) before 5.19.4\\n- Apache ActiveMQ Broker (org.apache.activemq:activemq-broker) 6.0.0 before 6.2.3\\n- Apache ActiveMQ (org.apache.activemq:activemq-all) before 5.19.4\\n- Apache ActiveMQ (org.apache.activemq:activemq-all) 6.0.0 before 6.2.3\\n\\nDescription:\\n\\nImproper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ \\nBroker, Apache ActiveMQ.\\n\\nApache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at\\xa0/api/jolokia/ on the web console. The default Jolokia \\naccess policy permits\\xa0exec operations on all ActiveMQ\\xa0MBeans (org.apache.activemq:*), including\\nBrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). \\n\\nAn authenticated attacker can\\xa0invoke these operations with a crafted discovery URI that triggers the VM\\xa0transport's \\nbrokerConfig parameter to load a remote Spring XML application\\xa0context using ResourceXmlApplicationContext. \\nBecause Spring's\\xa0ResourceXmlApplicationContext instantiates all singleton beans before the\\xa0BrokerService validates the \\nconfiguration, arbitrary code execution occurs\\xa0on the broker's JVM through bean factory methods such as Runtime.exec().\\nThis issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: .\\n\\nUsers are recommended to upgrade to version 5.19.5 or 6.2.3, which fixes the issue.\\n\\nCredit:\\n\\nNaveen Sunkavally (Horizon3.ai) (finder)\\n\\nReferences:\"]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } }, "remediations":[ { "product_ids":{ "$ref":"$.vulnerabilities[0].product_status.fixed" }, "details":"activemq security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2127" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-34197" } ] }