A critical vulnerability in Apache ActiveMQ, tracked as CVE-2026-34197, has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog, with a CVSS score of 8.8. This flaw is caused by improper input validation and unsafe code execution, affecting the Jolokia JMX-HTTP bridge exposed via the web console. The vulnerability allows for the execution of certain management operations, posing a significant risk to affected systems. CISA's addition of this vulnerability to the KEV catalog indicates that it is being actively exploited, making it a high-priority issue for organizations using Apache ActiveMQ1. The exploitation status of CVE-2026-34197 determines whether this is a patch-now or monitor situation, emphasizing the need for prompt attention from security practitioners. This vulnerability's inclusion in the KEV catalog highlights the importance of timely patching and monitoring to prevent potential attacks.