Vulnerability in Apache Software Foundation Log4j Api
CVE-2026-49844
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. …
Affected products
- Apache Software Foundation Log4j Api — versions 2.13.1, 2.26.0, 3.0.0-alpha1
Weakness classification (CWE)
References
- security@apache.org (related)
- security@apache.org (patch)
- security@apache.org (vendor-advisory)
- security@apache.org (vendor-advisory)