Horizon3.ai chief architect Naveen Sunkavally used Anthropic’s Claude to discover CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ Classic that had been present in the codebase for 13 years. The AI model traced the full attack chain in approximately 10 minutes, according to Horizon3.ai’s disclosure published April 7. Apache patched the flaw in late March 2026.
The Vulnerability
CVE-2026-34197 is an improper input validation and code injection flaw in ActiveMQ Classic’s Jolokia JMX-HTTP bridge, exposed via the web console at /api/jolokia/ on port 8161. An attacker can call the addNetworkConnector management operation on the broker’s MBean and supply a crafted VM transport URI containing an attacker-controlled brokerConfig=xbean:http:// parameter.
When processed, ActiveMQ’s VM transport layer creates an embedded broker using the attacker-supplied URL, according to CyberSecurity News. The xbean: scheme hands the URL to Spring’s ResourceXmlApplicationContext, which instantiates all bean definitions in the remote XML file, allowing arbitrary OS command execution via Runtime.getRuntime().exec().
The root cause traces back to a fix for CVE-2022-41678, where Apache added a blanket Jolokia allow rule for all operations on ActiveMQ’s own MBeans (org.apache.activemq:*) to preserve web console functionality. That decision inadvertently unlocked every management operation, including addNetworkConnector, as an attack surface through the REST API.
Default Credentials and Unauthenticated Paths
The vulnerability normally requires credentials, but default username/password combinations like admin:admin are widely used across enterprise environments, Sunkavally noted in his disclosure. On ActiveMQ versions 6.0.0 through 6.1.1, a separate flaw (CVE-2024-32114) inadvertently strips authentication from the /api/* path, making CVE-2026-34197 a fully unauthenticated RCE on those builds.
ActiveMQ has a documented history of being targeted. Both CVE-2016-3088 and CVE-2023-46604 are listed on CISA’s Known Exploited Vulnerabilities catalog. Previous ActiveMQ flaws have been leveraged for ransomware and malware attacks, according to Help Net Security.
How Claude Found It
The discovery was “80% Claude and 20% gift-wrapping by a human,” Sunkavally told Infosecurity Magazine. He described his process as providing Claude with a lightweight vulnerability-hunting prompt and a live target for validation.
The flaw had remained hidden because it involved multiple components developed independently over 13 years: Jolokia, JMX, network connectors, and VM transports. Each feature in isolation works as designed, but they become dangerous when chained together.
“This is exactly where Claude shone, efficiently stitching together this path end to end with a clear head free of assumptions,” Sunkavally wrote. “Something that would have probably taken me a week manually took Claude 10 minutes.”
Patching and Detection
CVE-2026-34197 is fixed in ActiveMQ Classic versions 5.19.4 and 6.2.3. The fix entirely removes the ability of addNetworkConnector to register vm:// transports through the Jolokia API.
Organizations should monitor for: network connector activity in ActiveMQ broker logs referencing vm:// URIs with brokerConfig=xbean:http; POST requests to /api/jolokia/ whose request body contains addNetworkConnector; outbound HTTP requests from the ActiveMQ broker process to unexpected hosts; and unexpected child processes spawned by the ActiveMQ Java process.
The Compression of Vulnerability Research
This disclosure follows a pattern emerging in 2026: AI models are compressing the timeline for vulnerability discovery from weeks to minutes. Sunkavally urged security engineers and developers to integrate tools like Claude into their workflows, claiming “anyone with a security background can take advantage.” The practical question for security teams is whether their patching cadence can keep up with the rate at which AI-assisted researchers can now find flaws in production infrastructure.