## Critical Log4j Flaw Survives Initial Patch: CVE-2021-45046 Exposes Systems Using Non-Default Pattern Layouts A critical vulnerability in Apache Log4j has persisted despite an initial remediation effort, raising serious concerns for organizations relying on the widely deployed logging library. Security scans have identified CVE-2021-45046 in log4j-core-2.8.2.jar, marking the vulnerability as Critical severity and signaling that the fix deployed for the earlier CVE-2021-44228 flaw in Log4j 2.15.0 was incomplete under certain configuration scenarios. The vulnerability specifically targets systems where logging configurations use non-default Pattern Layouts combined with Context Lookup patterns—such as $${ctx:loginId}—or Thread Context Map patterns including %X, %mdc, or %MDC. Under these conditions, attackers with the ability to influence Thread Context Map input data can craft malicious payloads leveraging JNDI Lookup patterns. The incomplete patch means that these specially constructed inputs can still trigger unauthorized information disclosure, leaving affected systems exposed to remote exploitation. Apache Log4j serves as a foundational component across countless enterprise applications, web services, and cloud infrastructure. Organizations that upgraded to Log4j 2.15.0 assuming full remediation may still harbor the vulnerability if their logging setups involve these specific non-default configurations. Security teams are urged to audit their dependency trees for log4j-core versions, verify whether their Pattern Layout implementations trigger the vulnerable conditions, and apply the latest Log4j releases which address this gap. The persistence of this flaw underscores the complexity of patching deeply embedded open-source components and the ongoing risk of incomplete fixes in supply chain security. --- - **Source**: GitHub Issues - **Sector**: The Lab - **Tags**: cve-2021-45046, log4j, apache, vulnerability, security - **Credibility**: unverified - **Published**: 2026-05-03 04:54:08 - **ID**: 79074 - **URL**: https://whisperx.ai/en/intel/79074