TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

CISA has added CVE-2026-34197, a 13-year-old remote code execution vulnerability in Apache ActiveMQ, to its Known Exploited Vulnerabilities catalog. Federal agencies have until April 30 to patch. The flaw, discovered by Horizon3 researcher Naveen Sunkavally with help from Claude AI, allows authenticated users to execute arbitrary OS commands via the Jolokia management API. Many deployments use default credentials ('admin:admin'), making exploitation trivial. On versions 6.0.0–6.1.1, a chained older vulnerability (CVE-2024-32114) removes the authentication requirement entirely, enabling unauthenticated RCE. Over 8,000 ActiveMQ instances are publicly reachable. Patches are available in versions 5.19.5 and 6.2.3.

CISA tells feds to patch 13-year-old Apache ActiveMQ bug