The Cybersecurity and Infrastructure Security Agency (CISA) has added Apache ActiveMQ's CVE-2026-34197 improper input validation vulnerability to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation in the wild. Federal agencies are required to remediate the flaw under Binding Operational Directive 22-01, and CISA is urging all organizations to prioritize patching as part of vulnerability management practices.