Multiple security vulnerabilities affecting Apache Log4j API versions The flaw hits log4j-api from 2 have been identified in Apache Software Foundation Apache Log4j API, which could impact the availability and integrity of logs. The flaws affect version 2.13.1 through 2.25.4 of log4j-api, as well as versions 2.26.0 and early 3.0.0 pre-releases.
CVE-2026-49844 (CVSS 6.3 — Medium): A vulnerability in Apache Log4j API allows an attacker to break JSON log output with a special number. The bug triggers when using JsonTemplateLayout or another layout that calls MapMessage.asJson and logging a MapMessage with an attacker-controlled float.[/subscribe_to_unlock_form]
Multiple security vulnerabilities affecting Apache Log4j API versions The flaw hits log4j-api from 2 have been identified in Apache Software Foundation Apache Log4j API, which could impact the availability and integrity of logs. The flaws affect version 2.13.1 through 2.25.4 of log4j-api, as well as versions 2.26.0 and early 3.0.0 pre-releases.
CVE-2026-49844 (CVSS 6.3 — Medium): A vulnerability in Apache Log4j API allows an attacker to break JSON log output with a special number. The bug triggers when using JsonTemplateLayout or another layout that calls MapMessage.asJson and logging a MapMessage with an attacker-controlled float.[emaillocker id="1283"]
CVE-2026-34481: description not provided in the article These vulnerabilities collectively present a risk of data corruption and loss due to invalid log output. These vulnerabilities collectively present a risk of data corruption and loss due to invalid log output.
These vulnerabilities collectively present a risk of data corruption and loss due to invalid log output. These vulnerabilities collectively present a risk of data corruption and loss due to invalid log output.
We recommend you to update Apache Log4j API to version 2.25.5 or 2.26.1.
The following reports contain further technical details:
[/emaillocker]