Known Vulnerabilities for Apache Log4j2 by Apache Software Foundation
Listed below are 3 of the newest known vulnerabilities associated with "Apache Log4j2" by "Apache Software Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34477 json | The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname ve... | Not Provided | 2026-04-10 | 2026-04-10 |
| CVE-2021-45105 json | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion fro... | Not Provided | 2021-12-18 | 2026-05-29 |
| CVE-2021-44832 json | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote... | Not Provided | 2021-12-28 | 2026-05-29 |