Overview
This advisory addresses a known security vulnerability identified in a third-party dependency used within DPGW.
Vulnerability Details
- CVE ID: CVE-2026-1225
- Dependency Name: logback-core
- Affected Version of Dependency: <=1.5.24
- Severity Score: 1.8 Low
Affected Versions of DPGW
- 1.13.13-REL – 1.13.14-REL
- <=1.12.37-REL
Risk Assessment & Applicability
Usage
DPGW utilizes the logback specifically for writing, rotating and managing log files.
Analysis
Logback.xml in our implementation is only reachable by system administrator that already has full access to the system.
We do not support access to the logback.xml file by any other means. Permissions on the logback.xml file are set to 644.
Status
Not Affected
Remediation & Mitigations
Fix
Update to: 1.13.15-REL or newer, 1.12.38-REL or newer.
User Actions
No action required by users at this time