PT-2026-31940 · Apache · Log4J Core

Samuli Leinonen

Published: 2025-12-25
Updated: 2026-05-15

CVE-2026-34478
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apache Log4j Core versions 2.21.0 through 2.25.3

Description: The Rfc5424Layout component is susceptible to log injection via CRLF (Carriage Return Line Feed) sequences. This occurs because security-relevant configuration attributes were renamed without documentation, affecting users of stream-based syslog services who configure Rfc5424Layout directly. Specifically, the renaming of the newLineEscape attribute disables newline escaping for TCP framing (RFC 6587), and the renaming of the useTlsMessageFormat attribute causes TLS framing (RFC 5425) to downgrade to unframed TCP (RFC 6587) without newline escaping. This can allow a remote attacker to impact the integrity of the protected log information.

Recommendations: Upgrade to version 2.25.4.
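The description above rests on one detail of RFC 6587: its non-transparent framing delimits syslog records with a trailing LF, so a message that carries an unescaped newline is read by the receiver as two records. The following Python script is an added illustration of that mechanism; it is not Log4j code and not part of this advisory. The sample message and the tainted username are constructed for the example, and the two-character escape strings used by `escape_newlines` are this example's own choice rather than Log4j's newLineEscape behaviour. It frames one event three ways (LF-delimited without escaping, LF-delimited with escaping, and RFC 6587 octet counting) and counts how many records a receiver would see in each case.

```python
"""Why newline escaping matters for RFC 6587 non-transparent framing.

Added illustration for the advisory above: not Log4j code, not the advisory
author's code. All sample data below is constructed for this example.
"""
from __future__ import annotations

# Constructed sample: a user-controlled field (the username) that embeds a CRLF
# followed by a forged second RFC 5424 record.
PRI_VERSION = "<14>1"  # facility user(1)*8 + severity info(6), version 1
FORGED_TAIL = "\r\n<14>1 2026-01-01T00:00:00Z host app - - - login=ok user=admin"
TAINTED_USERNAME = "mallory" + FORGED_TAIL


def build_message(username: str) -> str:
    """Minimal RFC 5424 message: PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME
    SP PROCID SP MSGID SP STRUCTURED-DATA SP MSG."""
    return f"{PRI_VERSION} 2026-01-01T00:00:00Z host app - - - login=fail user={username}"


def escape_newlines(msg: str) -> str:
    """Replace CR and LF so the message can never contain the LF record trailer.
    The replacement strings are this example's choice, not Log4j's."""
    return msg.replace("\r", "\\r").replace("\n", "\\n")


def frame_non_transparent(messages: list[str]) -> bytes:
    """RFC 6587 section 3.4.2: each message is terminated by LF."""
    return b"".join(m.encode() + b"\n" for m in messages)


def parse_non_transparent(stream: bytes) -> list[str]:
    """Receiver side: split on LF; a CR immediately before the LF is dropped."""
    return [part.rstrip(b"\r").decode() for part in stream.split(b"\n") if part]


def frame_octet_counting(messages: list[str]) -> bytes:
    """RFC 6587 section 3.4.1: MSG-LEN SP SYSLOG-MSG, MSG-LEN being the byte length."""
    out = b""
    for m in messages:
        data = m.encode()
        out += f"{len(data)} ".encode() + data
    return out


def parse_octet_counting(stream: bytes) -> list[str]:
    """Receiver side: read the length prefix, then exactly that many bytes."""
    records: list[str] = []
    pos = 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)
        length = int(stream[pos:sp])
        start = sp + 1
        records.append(stream[start:start + length].decode())
        pos = start + length
    return records


def record_counts(username: str) -> dict[str, int]:
    """Number of records a receiver sees for ONE logged event per configuration.
    A count above 1 means the logged input was able to forge extra records."""
    raw = build_message(username)
    return {
        "non_transparent_unescaped": len(parse_non_transparent(frame_non_transparent([raw]))),
        "non_transparent_escaped": len(parse_non_transparent(frame_non_transparent([escape_newlines(raw)]))),
        "octet_counting": len(parse_octet_counting(frame_octet_counting([raw]))),
    }


if __name__ == "__main__":
    for name, count in record_counts(TAINTED_USERNAME).items():
        print(f"{name}: {count} record(s) for one event")
```

The unescaped LF-delimited case yields two records, the second of which is entirely attacker-authored; escaping the CR and LF, or switching to octet-counting framing where the length prefix carries the embedded newline inside the record, brings the count back to one. This is why the advisory classifies the regression as an integrity impact on the log stream and why a receiver that counts records per emitted event is a cheap check for this class of injection.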

Fix

Weakness Enumeration

Related Identifiers

BDU:2026-05260
CVE-2026-34478
GHSA-445C-VH5M-36RJ

Affected Products

Log4J Core