PT-2026-31943 · Apache · Apache Log4J+1

Ap4Sh · Published 2026-04-10 · Updated 2026-04-14 · CVE-2026-34481

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Apache Log4j versions up to and including 2.25.3

Description

Apache Log4j's JsonTemplateLayout generates invalid JSON output when processing log events that include non-finite floating-point values (NaN, Infinity, or -Infinity), violating RFC 8259 standards. This can lead to downstream log processing systems rejecting or failing to index affected records. Exploitation requires the application to use JsonTemplateLayout and log a MapMessage containing a floating-point value controlled by an attacker.

Recommendations

Upgrade to Apache Log4j JSON Template Layout 2.25.4.
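A downstream check for the failure described above, as an added example that is not part of the advisory or of Log4j: it flags newline-delimited JSON log records that contain bare NaN, Infinity or -Infinity tokens, which strict RFC 8259 parsers reject. The sample records and their field names are constructed; Python's `json.loads` accepts these tokens by default, so the check overrides `parse_constant`.

```python
import json


class NonFiniteNumber(ValueError):
    """Raised when a bare NaN/Infinity/-Infinity token appears in a record."""


def _reject_constant(token):
    # json.loads calls this hook only for the bare tokens NaN, Infinity
    # and -Infinity; the same words inside a JSON string never reach it.
    raise NonFiniteNumber(token)


def check_line(line):
    """Classify one record as 'ok', 'non_finite' or 'malformed'."""
    try:
        json.loads(line, parse_constant=_reject_constant)
    except NonFiniteNumber as exc:
        return ("non_finite", str(exc))
    except json.JSONDecodeError as exc:
        return ("malformed", exc.msg)
    return ("ok", None)


def scan(lines):
    """Return (line number, verdict, detail) for every record that fails."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        if not line.strip():
            continue  # blank separator lines are not records
        verdict, detail = check_line(line)
        if verdict != "ok":
            findings.append((lineno, verdict, detail))
    return findings


# Constructed sample records (not real JsonTemplateLayout output).
SAMPLE_LINES = [
    '{"level":"INFO","message":{"user":"alice","latency":12.5}}',
    '{"level":"INFO","message":{"user":"bob","latency":NaN}}',
    '{"level":"WARN","message":{"note":"value was NaN or Infinity"}}',
    '{"level":"INFO","message":{"ratio":-Infinity}}',
    '{"level":"INFO","message":{"user":"carol"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding)
```

Separating the `non_finite` verdict from `malformed` lets a pipeline count records affected by this issue apart from ordinary truncation or corruption.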

Fix

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

CVE-2026-34481
GHSA-W35J-PV5H-Q9Q9
OPENSUSE-SU-2026:10544-1

Affected Products

Apache Log4J
Jsontemplatelayout