Description

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data (PII), citizen identifiers (BSN), and case details. This data is exposed to anyone with access to application logs or any Valtimo user with the admin role through the Admin UI logging module. This issue has been fixed in version 13.22.0. If developers are unable to upgrade immediately, they can restrict access to application logs and adjust the log level for com.ritense.inbox to WARN or higher in their application configuration as a workaround.

INFO

Published Date :

2026-04-16T21:17:35.472Z

Last Modified :

2026-04-16T21:17:35.472Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34164 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34164.

URL Resource
https://github.com/generiekzaakafhandelcomponent/gzac-issues/issues/653 cve-icon cve-icon
https://github.com/valtimo-platform/valtimo/commit/f16a1940ba7b34627c0b966f98ca78655ace9335 cve-icon cve-icon
https://github.com/valtimo-platform/valtimo/pull/497 cve-icon cve-icon
https://github.com/valtimo-platform/valtimo/releases/tag/13.22.0 cve-icon cve-icon
https://github.com/valtimo-platform/valtimo/security/advisories/GHSA-hfrg-mcvw-8mch cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact