VDB

CVE-2026-24317

CVE-2026-24317 PUBLISHED CVSS 5 MEDIUM

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

EPSS 0.05% · 16.6th percentile

Risk Scores

CVSS 3.1
5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS Score
0.05%
16.6th percentile

Affected Products

VendorProductVersions
Apache Software FoundationLog4jversions up to 1.2.17
SAP_SESAP GUI for Windows with active GuiXTBC-FES-GUI 8.00, *

Exploit Intelligence

…and 311 more exploits

Timeline

  • Jun 28, 2021 PoC Published
  • Dec 10, 2021 PoC Published
  • Dec 11, 2021 PoC Published
  • Dec 13, 2021 PoC Published
  • Jun 7, 2022 PoC Published
  • Sep 16, 2022 PoC Published
  • Nov 21, 2023 PoC Published
  • Dec 8, 2023 PoC Published
  • Dec 11, 2023 PoC Published
  • Mar 1, 2024 PoC Published
  • Apr 5, 2024 PoC Published
  • Jul 17, 2024 PoC Published

References

…and 97 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›