6 matches found
CVE-2026-34480
Technical details about CVE-2026-34480 are not publicly available in the provided connected documents. The initial description gives an overview but no vendor/product/version specifics or remediation steps here. Monitor for updates from official advisories.
CVE-2026-34477
CVE-2025-68161 (and CVE-2026-34477) affect Apache Log4j Core Socket Appender where TLS hostname verification was silently ignored when configured via verifyHostName, leaving potential MITM scenarios under SMTP, Socket, or Syslog Appenders using a nested element. The issue spans versions 2.0-beta...
CVE-2026-34478
CVE-2026-34478 (Log4j Core) affects Apache Log4j Core 2.21.0 through 2.25.3 and involves CRLF log-injection risks in stream-based syslog output due to undocumented renames of configuration attributes in Rfc5424Layout. Specifically, the newLineEscape attribute was silently renamed, breaking newlin...
CVE-2026-34481
CVE-2026-34481 affects Apache Log4j’s JsonTemplateLayout. Versions up to 2.25.3 produce invalid JSON when log events contain non-finite floating-point values (NaN, Infinity, -Infinity), violating RFC 8259 and potentially causing downstream log processors to reject or fail indexing. Exploitation r...
CVE-2026-34479
The CVE affects the Apache Log4j 1-to-Log4j 2 bridge: Log4j1XmlLayout used in Log4j Core 2 configurations or via the Log4j 1 compatibility layer with org.apache.log4j.xml.XMLLayout. The root cause is failure to properly escape characters forbidden by XML 1.0, producing malformed XML that conformi...
CVE-2026-49844
CVE-2026-49844 describes an issue in the Apache Log4j API where MapMessage.asJson() can emit non-finite IEEE 754 values (NaN, Infinity, -Infinity) as bare tokens during JSON serialization. This affects Log4j API versions 2.13.1–2.25.4 and 2.26.0. The fault occurs when a MapMessage contains an att...