CISA Adds 13-Year-Old Apache ActiveMQ RCE to KEV Catalog, Giving Federal Agencies Two Weeks to Patch a Bug Found by Claude in Ten Minutes
CISA added CVE-2026-34197, a 13-year-old remote code execution flaw in Apache ActiveMQ Classic, to its Known Exploited Vulnerabilities catalog on April 16 as Horizon3.ai's Naveen Sunkavally described finding the chain with Anthropic's Claude in about ten minutes.
4 min read6 sources