Vulnerability-Lookup

NCSC-2026-0200

Vulnerability from csaf_ncscnl - Published: 2026-06-17 08:50 - Updated: 2026-06-17 08:50

Summary

Kwetsbaarheden verholpen in Oracle Communications

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Communications

Interpretaties: De kwetsbaarheden zitten in twee onderliggende producten: SQLite en Log4j en zijn eerder verholpen door de ontwikkelaars van deze producten. Oracle heeft de updates verwerkt in de eigen software. In SQLite kan een remote aanvaller via speciaal vervaardigde ZIP-bestanden heap geheugen uitlekken door een informatielek in de zipfileInflate functie van de zipfile extensie. In Log4j leidt onjuiste serialisatie van niet-eindige floating-point waarden zoals NaN of infinity in de JsonTemplateLayout tot ongeldig JSON-output, wat downstream logverwerkende systemen kan verstoren. Dit kan misbruikt worden als applicaties door de aanvaller gecontroleerde MapMessages loggen, wat een denial of service in loganalyse workflows veroorzaakt.

Oplossingen: Oracle heeft updates uitgebracht voor Communications om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-116: Improper Encoding or Escaping of Output

CWE-241: Improper Handling of Unexpected Data Type

CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection')

CWE-908: Use of Uninitialized Resource

CVE-2025-70873

SQLite versions up to 3.51.1 contain an information disclosure vulnerability in the zipfileInflate function, fixed in 3.51.3 along with an integer overflow in FTS5 and a WAL-reset corruption bug; Oracle Communications Network Charging and Control versions 15.0.0.0.0 to 15.2.0.0.0 have a critical unauthenticated remote data access flaw.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-908 - Use of Uninitialized Resource

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*

CVE-2026-34481

Apache Log4j's JsonTemplateLayout up to version 2.25.3 improperly serializes non-finite floating-point values, producing invalid JSON that can disrupt log processing, while Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 have a critical vulnerability allowing unauthenticated data modification.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-116 - Improper Encoding or Escaping of Output

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*

References

3 references

URL	Category
https://www.oracle.com/security-alerts/cspujun2026.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Communications",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden zitten in twee onderliggende producten: SQLite en Log4j en zijn eerder verholpen door de ontwikkelaars van deze producten. Oracle heeft de updates verwerkt in de eigen software.\nIn SQLite kan een remote aanvaller via speciaal vervaardigde ZIP-bestanden heap geheugen uitlekken door een informatielek in de zipfileInflate functie van de zipfile extensie. In Log4j leidt onjuiste serialisatie van niet-eindige floating-point waarden zoals NaN of infinity in de JsonTemplateLayout tot ongeldig JSON-output, wat downstream logverwerkende systemen kan verstoren. Dit kan misbruikt worden als applicaties door de aanvaller gecontroleerde MapMessages loggen, wat een denial of service in loganalyse workflows veroorzaakt.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht voor Communications om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Encoding or Escaping of Output",
        "title": "CWE-116"
      },
      {
        "category": "general",
        "text": "Improper Handling of Unexpected Data Type",
        "title": "CWE-241"
      },
      {
        "category": "general",
        "text": "Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
        "title": "CWE-244"
      },
      {
        "category": "general",
        "text": "Use of Uninitialized Resource",
        "title": "CWE-908"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cspujun2026.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Communications",
    "tracking": {
      "current_release_date": "2026-06-17T08:50:12.629791Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0200",
      "initial_release_date": "2026-06-17T08:50:12.629791Z",
      "revision_history": [
        {
          "date": "2026-06-17T08:50:12.629791Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Convergent Charging Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Charging and Control"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Integrity"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-70873",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Uninitialized Resource",
          "title": "CWE-908"
        },
        {
          "category": "other",
          "text": "Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
          "title": "CWE-244"
        },
        {
          "category": "description",
          "text": "SQLite versions up to 3.51.1 contain an information disclosure vulnerability in the zipfileInflate function, fixed in 3.51.3 along with an integer overflow in FTS5 and a WAL-reset corruption bug; Oracle Communications Network Charging and Control versions 15.0.0.0.0 to 15.2.0.0.0 have a critical unauthenticated remote data access flaw.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-70873 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-70873.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-70873"
    },
    {
      "cve": "CVE-2026-34481",
      "cwe": {
        "id": "CWE-116",
        "name": "Improper Encoding or Escaping of Output"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        },
        {
          "category": "other",
          "text": "Improper Handling of Unexpected Data Type",
          "title": "CWE-241"
        },
        {
          "category": "description",
          "text": "Apache Log4j\u0027s JsonTemplateLayout up to version 2.25.3 improperly serializes non-finite floating-point values, producing invalid JSON that can disrupt log processing, while Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 have a critical vulnerability allowing unauthenticated data modification.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-34481 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34481.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-34481"
    }
  ]
}

CVE-2025-70873 (GCVE-0-2025-70873)

Vulnerability from cvelistv5 – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:35

Summary

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

n/a
CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Assigner

mitre

References

3 references

URL	Tags
https://sqlite.org/forum/forumpost/761eac3c82
https://sqlite.org/src/info/3d459f1fb1bd1b5e
https://gist.github.com/cnwangjihe/f496393f30f5ec…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-70873",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-14T03:33:48.480447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-244",
                "description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-14T03:35:18.796Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-12T18:44:30.960Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://sqlite.org/forum/forumpost/761eac3c82"
        },
        {
          "url": "https://sqlite.org/src/info/3d459f1fb1bd1b5e"
        },
        {
          "url": "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-70873",
    "datePublished": "2026-03-12T00:00:00.000Z",
    "dateReserved": "2026-01-09T00:00:00.000Z",
    "dateUpdated": "2026-03-14T03:35:18.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34481 (GCVE-0-2026-34481)

Vulnerability from cvelistv5 – Published: 2026-04-10 15:43 – Updated: 2026-04-10 17:41

Title

Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Summary

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records. An attacker can exploit this issue only if both of the following conditions are met: * The application uses JsonTemplateLayout. * The application logs a MapMessage containing an attacker-controlled floating-point value. Users are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue.

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-116 - Improper Encoding or Escaping of Output

Assigner

apache

References

6 references

URL	Tags
https://github.com/apache/logging-log4j2/pull/4080	patch
https://logging.apache.org/security.html#CVE-2026-34481	vendor-advisory
https://logging.apache.org/cyclonedx/vdr.xml	vendor-advisory
https://logging.apache.org/log4j/2.x/manual/json-…	related
https://lists.apache.org/thread/n34zdv00gbkdbzt2r…	vendor-advisory
http://www.openwall.com/lists/oss-security/2026/0…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Log4j JSON Template Layout	Affected: 2.14.0 , < 2.25.4 (maven) Affected: 3.0.0-alpha1 , ≤ 3.0.0-beta3 (maven) cpe:2.3:a:apache:log4j_layout_template_json::::::::

Credits

Ap4sh (Samy Medjahed) and Ethicxz (Eliott Laurie)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-10T16:18:20.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/10/10"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34481",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T17:41:23.224802Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T17:41:38.229Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "cpes": [
            "cpe:2.3:a:apache:log4j_layout_template_json:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.apache.logging.log4j:log4j-layout-template-json",
          "packageURL": "pkg:maven/org.apache.logging.log4j/log4j-layout-template-json",
          "product": "Apache Log4j JSON Template Layout",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.25.4",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "3.0.0-beta3",
              "status": "affected",
              "version": "3.0.0-alpha1",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ap4sh (Samy Medjahed) and Ethicxz (Eliott Laurie)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eApache Log4j\u0027s \u003ccode\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://logging.apache.org/log4j/2.x/manual/json-template-layout.html\"\u003eJsonTemplateLayout\u003c/a\u003e\u003c/code\u003e, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (\u003ccode\u003eNaN\u003c/code\u003e, \u003ccode\u003eInfinity\u003c/code\u003e, or \u003ccode\u003e-Infinity\u003c/code\u003e), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records.\u003c/p\u003e\u003cp\u003eAn attacker can exploit this issue only if both of the following conditions are met:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application uses \u003ccode\u003eJsonTemplateLayout\u003c/code\u003e.\u003c/li\u003e\u003cli\u003eThe application logs a \u003ccode\u003eMapMessage\u003c/code\u003e containing an attacker-controlled floating-point value.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eUsers are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue.\u003c/p\u003e"
            }
          ],
          "value": "Apache Log4j\u0027s  JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records.\n\nAn attacker can exploit this issue only if both of the following conditions are met:\n\n  *  The application uses JsonTemplateLayout.\n  *  The application logs a MapMessage containing an attacker-controlled floating-point value.\n\n\nUsers are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116 Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T15:43:00.100Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/logging-log4j2/pull/4080"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://logging.apache.org/security.html#CVE-2026-34481"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://logging.apache.org/cyclonedx/vdr.xml"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://logging.apache.org/log4j/2.x/manual/json-template-layout.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/n34zdv00gbkdbzt2rx9rf5mqz6lhopcv"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-16T18:14:00.000Z",
          "value": "Vulnerability reported by Ap4sh and ethicxz"
        },
        {
          "lang": "en",
          "time": "2026-03-10T20:42:00.000Z",
          "value": "Candidate patch internally shared by Piotr P. Karwasz"
        },
        {
          "lang": "en",
          "time": "2026-03-24T23:06:00.000Z",
          "value": "Fix shared publicly by Piotr P. Karwasz as pull request #4080"
        },
        {
          "lang": "en",
          "time": "2026-03-25T09:54:00.000Z",
          "value": "Fix verified by the reporter"
        },
        {
          "lang": "en",
          "time": "2026-03-28T11:19:00.000Z",
          "value": "Log4j 2.25.4 released"
        }
      ],
      "title": "Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-34481",
    "datePublished": "2026-04-10T15:43:00.100Z",
    "dateReserved": "2026-03-28T19:23:37.127Z",
    "dateUpdated": "2026-04-10T17:41:38.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

NCSC-2026-0200

CVE-2025-70873 (GCVE-0-2025-70873)

CVE-2026-34481 (GCVE-0-2026-34481)

Tags

Sightings

Nomenclature