CISA Adds Apache ActiveMQ CVE to KEV Catalog (Apr 2026)
⚠️ CISA added CVE-2026-34197 — an Apache ActiveMQ improper input validation vulnerability — to the KEV Catalog after evidence of active exploitation. The advisory notes this vulnerability type is a frequent attack vector and poses significant risk to the federal enterprise. CISA reminds Federal Civilian Executive Branch agencies to follow BOD 22-01 remediation deadlines and strongly urges all organizations to prioritize timely mitigation.
