Apache Log4j 2.0-alpha1 < 2.25.4 XmlLayout Invalid XML Output (CVE-2026-34480)

Language:

Version 1.4 Apr 27, 2026, 11:43 AM CVSS metrics ("CVSSv2 score" set to 7.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N") CVSS metrics ("CVSSv3 score" set to 7.5) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N") CVSSv2 severity (based on CVE-2026-34480, severity increased from "Medium" to "High") CVSSv3 severity (based on None, severity increased from "Medium" to "High") Plugin Feed: 202604271143
Version 1.3 Apr 20, 2026, 10:26 PM Plugin metadata (Add IAVM Info) Plugin Feed: 202604202226
Version 1.2 Apr 16, 2026, 7:20 PM CVSS metrics ("Cvssv4 threat score" set to 6.9) CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202604161920
Version 1.1 Apr 15, 2026, 8:35 PM New Plugin Feed: 202604152035

* Changelogs are generally available for changes made after Nov 1, 2022