Apache ActiveMQ Classic is affected by a critical unauthenticated RCE vulnerability (CVE-2026-34197, CVSS 9.8) that reportedly persisted in the codebase for approximately 13 years, with a 90th-percentile EPSS score indicating elevated exploitation probability. All versions prior to 6.2.3 (6.x branch) and 5.19.4 (5.x branch) are affected. Immediate action required: restrict network access to ActiveMQ broker ports and upgrade to patched versions; prioritize internet-facing and DMZ-adjacent brokers.