Sign In

CVE-2026-34481

ADVISORY - github

Summary

Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records.

An attacker can exploit this issue only if both of the following conditions are met:

  • The application uses JsonTemplateLayout.
  • The application logs a MapMessage containing an attacker-controlled floating-point value.

Users are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue.

EPSS Score: 0.00153 (0.355)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-116

Improper Encoding or Escaping of Output

ADVISORY - github

CWE-116

Improper Encoding or Escaping of Output

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-34481
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-116

CVSS SCORE

6.3medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-w35j-pv5h-q9q9
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-116

CVSS SCORE

6.3medium

Debian

CREATED

UPDATED

ADVISORY IDCVE-2026-34481
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2026-34481
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-jfgg-24j2-8jcc

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-28rp-w5rw-j3fj

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-2p74-j755-fc4r

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-386x-qf27-4268

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-3f92-66mg-v4pq

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-42mw-mr2x-q8mr

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-59rw-jmfv-g7hg

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-648w-qvhj-jmqf

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-7c5r-qf3h-fxpp

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-8cff-mhc4-wrh5

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-9mgh-f6qm-qfxp

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-g8pp-89mj-2738

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-h9g5-qh2j-fq8h

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-hrxq-qc52-rq8f

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-m7rp-v6wr-hhpp

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-mjfv-pjcg-5pgr

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-pv49-5g8p-jxx5

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-v5f8-ph87-37g5

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-vpw7-4m27-mhx9

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-wr35-4qpp-q237

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-xcwf-44p5-h5pj

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY