CVE-2026-34164 Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...

EUVD-2026-23296

Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService...

GHSA-HFRG-MCVW-8MCH Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService

Summary The InboxHandlingService logs the full content of every incoming inbox message at INFO level logger.info"Received message: ", message. Inbox messages are wrappers around outbox message data, which can contain highly sensitive information such as personal data PII, citizen identifiers BSN,...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the InboxHandlingService. An attacker can access sensitive information such as personal data, citizen identifiers, and case details by viewing application logs that contain full inbox...

Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService

Summary The InboxHandlingService logs the full content of every incoming inbox message at INFO level logger.info"Received message: ", message. Inbox messages are wrappers around outbox message data, which can contain highly sensitive information such as personal data PII, citizen identifiers BSN,...