CVE-2026-34478
mediumCVSS v3 Base Score
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 91% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
None
Published: April 10, 2026 (91 days ago)
Last Modified: April 10, 2026
Vendor: Red Hat
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed (CRLF) sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-based syslog services. An attacker could exploit this to inject malicious data into log files, potentially obscuring critical security events or manipulating system records.
CWE
CWE-93Affected Products
Red Hat AI Inference ServerRed Hat AMQ Broker 7Red Hat build of Apache Camel for Spring Boot 4Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2Red Hat build of Apicurio Registry 3Red Hat build of OptaPlanner 8Red Hat Data Grid 8Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9