CVE-2026-2404: Unsecured Log Output on Apache Struts Allows Log Injection
CVE-2026-2404
Summary
Apache Struts contains an output-encoding flaw that lets an attacker inject or forge log entries by altering the payload of the POST /j_security check request. Logs affected this way can contain false or misleading information. To protect against this, update your Apache Struts installation to the latest version.
Original title
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.
Original description
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.
NVD CVSS 4.0
6.9
Vulnerability type
CWE-116
Published: 14 Apr 2026 · Updated: 20 Apr 2026 · First seen: 14 Apr 2026