
CVE-2021-44228

Apache Log4j2 Remote Code Execution Vulnerability

High

Description

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Scores & Signals

EPSS score: 0.9445 (100.0th percentile)
CISA KEV: Yes — actively exploited (added 2021-12-10) · due 2021-12-24
Affected: Apache Log4j2

Sources