## CVE-2026-34479: Medium-Severity Vulnerability Detected in Apache Log4j 2.11.2
A newly identified medium-severity vulnerability, CVE-2026-34479, has been flagged within a widely used Apache Log4j component. The specific vulnerable library is log4j-core-2.11.2.jar, a version of the ubiquitous Java logging framework. This finding is not an isolated incident but a direct dependency within a larger software artifact, the solr-velocity-8.3.1.jar library, indicating the flaw is embedded in a production-ready application stack.

The vulnerability was detected in the master branch of a GitHub repository, pinpointed to a specific commit (bada63441522c15b923cde8a080ad10d787106e1). The scanner's report details the exact file path within the project's Maven repository, confirming the presence of the outdated and vulnerable Log4j package. This pattern mirrors the high-profile Log4Shell crisis, raising immediate concerns about the persistent use of legacy, unsupported versions of critical infrastructure software in active codebases.

The discovery signals ongoing supply chain risks for projects relying on the Apache Solr ecosystem and, by extension, any Java-based application using similar dependency trees. While rated as medium severity, the presence of any CVE in a core logging library necessitates urgent scrutiny from development and security teams to assess exposure, apply patches, or upgrade to a secure version to mitigate potential exploitation vectors.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE, Apache Log4j, Software Vulnerability, Supply Chain, Java Security
- **Credibility**: unverified
- **Published**: 2026-04-12 12:22:42
- **ID**: 60615
- **URL**: https://whisperx.ai/en/intel/60615