Apache Log4j: Missing Log4j Configuration Allows Sensitive Data Exposure

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache Log4j: Missing Log4j Configuration Allows Sensitive Data Exposure

CVE-2026-26254

Summary

Apache Log4j is missing a required configuration setting that can expose sensitive data. If not fixed, attackers might access and use this data. Update your Apache Log4j configuration to include the missing setting to prevent this risk.

Original title

Rejected reason: Not used

Original description

Rejected reason: Not used

Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026