What is CVE-2026-34164?

CVE-2026-34164 is a medium-severity vulnerability in Valtimo-platform Valtimo, classified under Insertion of Sensitive Information into Log File. CVSS score: 4.9/10. Published 2026-04-16.

How severe is CVE-2026-34164?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Information disclosure in Valtimo-platform Valtimo

CVE-2026-34164

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive i…

EPSS: 0.000 (3.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

Valtimo-platform Valtimo — versions >= 13.0.0.RELEASE, < 13.22.0.RELEASE

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

https://github.com/valtimo-platform/valtimo/security/advisories/GHSA-hfrg-mcvw-8mch (x_refsource_CONFIRM)
https://github.com/generiekzaakafhandelcomponent/gzac-issues/issues/653 (x_refsource_MISC)
https://github.com/valtimo-platform/valtimo/pull/497 (x_refsource_MISC)
https://github.com/valtimo-platform/valtimo/commit/f16a1940ba7b34627c0b966f98ca78655ace9335 (x_refsource_MISC)
https://github.com/valtimo-platform/valtimo/releases/tag/13.22.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-34164?: CVE-2026-34164 is a medium-severity vulnerability in Valtimo-platform Valtimo, classified under Insertion of Sensitive Information into Log File. CVSS score: 4.9/10. Published 2026-04-16.
How severe is CVE-2026-34164?: Medium severity. CVSS v3 base score is 4.9 out of 10.