CVE-2026-34480
mediumCVSS v3 Base Score
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.0%
Exploitation probability in 30 days
Top 91% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
Low
Published: April 10, 2026 (91 days ago)
Last Modified: April 10, 2026
Vendor: Red Hat
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML output becomes invalid. This can lead to two main issues: either systems processing these logs will fail to read the affected records, or the logging process itself will stop delivering events, both resulting in a denial of service for logging operations.
CWE
CWE-168Affected Products
Red Hat AI Inference ServerRed Hat AMQ Broker 7Red Hat build of Apache Camel for Spring Boot 4Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2Red Hat build of Apicurio Registry 3Red Hat build of OptaPlanner 8Red Hat Data Grid 8Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9