CVE-2026-40021

🗓️ 10 Apr 2026 15:44:17Reported by apacheType

Log4net before 3.3.0 fails to sanitize forbidden Extensible Markup Language version one point zero characters in keys and identity, causing silent log loss.

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2026-40021	10 Apr 202615:44	–	attackerkb
CNNVD	Apache log4net 安全漏洞	10 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-40021 Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters	10 Apr 202615:44	–	cvelist
Debian CVE	CVE-2026-40021	10 Apr 202615:44	–	debiancve
EUVD	EUVD-2026-21488	10 Apr 202618:31	–	euvd
Github Security Blog	Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters	10 Apr 202618:31	–	github
NVD	CVE-2026-40021	10 Apr 202616:16	–	nvd
OSV	DEBIAN-CVE-2026-40021	10 Apr 202616:16	–	osv
OSV	GHSA-4F7C-PMJV-C25W Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters	10 Apr 202618:31	–	osv
OSV	UBUNTU-CVE-2026-40021	10 Apr 202616:16	–	osv

NVD

Vulners

Node

apache log4netRange<3.3.0

[
  {
    "collectionURL": "https://www.nuget.org/packages",
    "cpes": [
      "cpe:2.3:a:apache:log4net:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "packageName": "log4net",
    "packageURL": "pkg:nuget/log4net",
    "product": "Apache Log4net",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.3.0",
        "status": "affected",
        "version": "0",
        "versionType": "nuget"
      }
    ]
  }
]

Source	Link
logging	www.logging.apache.org/security.html
logging	www.logging.apache.org/log4net/manual/configuration/layouts.html
lists	www.lists.apache.org/thread/q8otftjswhk69n3kxslqg7cobr0x4st7
github	www.github.com/apache/logging-log4net/pull/280
logging	www.logging.apache.org/cyclonedx/vdr.xml
openwall	www.openwall.com/lists/oss-security/2026/04/10/11

17 Jun 2026 10:44Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.3

CVSS 46.3

EPSS0.0075

SSVC

CWE-116