A critical remote code execution vulnerability (CVE-2026-34197) in Apache ActiveMQ, discovered by Horizon3.ai researchers using Anthropic's Claude AI in roughly 10 minutes, remains unpatched on over 6,500 internet-exposed instances nearly two weeks after disclosure. The flaw affects ActiveMQ versions before 5.19.4 and 6.0–6.2.3, and has existed for 13 years. CISA has added it to its Known Exploited Vulnerabilities catalog. Security experts warn that slow manual patching cycles are untenable in an era where AI can weaponize bugs immediately upon discovery, urging organizations to adopt automated patching, maintain a software bill of materials (SBOM) using standards like CycloneDX, and treat patching as a survival requirement rather than routine maintenance.
Sort: