Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197) (opens in new tab)

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that’s been introduced in the codebase 13 years ago. The vulnerability was patched in late March 2026 and there’s currently no indication that it is being actively exploited by attackers. Neveretheless, with ActiveMQ vulnerabilities having been previously leveraged for ransomware and...