CVE-2026-34480

🗓️ 10 Apr 2026 16:16:31Reported by [email protected]Type

CVE-2026-34480: Log4j Core XmlLayout before 2.25.4 fails to sanitize XML 1.0 characters; upgrade to 2.25.4.

Reporter	Title	Published	Views	Family All 127
IBM Security Bulletins	Security Bulletin: Vulnerability in log4j/2.x affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	22 Jun 202613:42	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480)	29 May 202609:54	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in log4j/2.x affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	22 Jun 202613:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Apache Log4j Core shipped in Tivoli Netcool/OMNIbus	29 May 202612:15	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480)	29 May 202609:56	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of log4j-core-2.25.3.jar, IBM Sterling Connect:Direct Web Services is vulnerable to log injection via CRLF sequences.	3 Jun 202604:27	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34480 ,CVE-2026-34477, CVE-2026-34478, CVE-2026-34479)	29 May 202608:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in watsonx.data	9 May 202608:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Log4j	27 May 202617:36	–	ibm
IBM Security Bulletins	Security Bulletin: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2026-34480, CVE-2026-34477, CVE-2026-34478, CVE-2026-34479).	11 Jun 202621:17	–	ibm

NVD

Node

apache log4jRange2.0–2.25.4

apache log4jMatch3.0.0alpha1

apache log4jMatch3.0.0alpha1_rc1

apache log4jMatch3.0.0alpha1_rc2

apache log4jMatch3.0.0beta1

apache log4jMatch3.0.0beta2

apache log4jMatch3.0.0beta3

Source	Link
github	www.github.com/apache/logging-log4j2/pull/4077
logging	www.logging.apache.org/cyclonedx/vdr.xml
logging	www.logging.apache.org/security.html
logging	www.logging.apache.org/log4j/2.x/manual/layouts.html
lists	www.lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb
openwall	www.openwall.com/lists/oss-security/2026/04/10/9

17 Jun 2026 10:39Current

CVSS 3.17.5

CVSS 46.9

EPSS0.0086

CWE-116