Third-Party Package Updates in Splunk AppDynamics Java Agent - May 2026
Advisory ID: SVD-2026-0513
CVE ID: Multiple
Published: 2026-05-20
Last Update: 2026-05-20
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Java Agent version 26.4.0, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| libarchive1 | Upgraded to version 3.5.3-9.el9_7 | Multiple | High |
| log4j-core2 | Upgraded to version 2.25.4 | Multiple | Medium |
1 Upgraded libarchive from version 3.5.3-6.el9_6 to version 3.5.3-9.el9_7 to remedy CVE-2026-5121, CVE-2026-4111, and CVE-2026-4424.
2 Upgraded log4j-core from version 2.25.3 to version 2.25.4 to remedy CVE-2026-34477, CVE-2026-34478, and CVE-2026-34480.
Solution
Upgrade Splunk AppDynamics Java Agent to version 26.4.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Java Agent | 26.4 | Below 26.4.0 | 26.4.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.