Root has patched CVE-2026-1225 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available.
{
"distro": "maven",
"source": "Root",
"distro_version": "",
"severity": "MEDIUM"
}[
"1.3.5-root.io.1",
"1.2.9-root.io.1",
"1.2.10-root.io.1",
"1.5.18-root.io.2",
"1.4.11-root.io.5",
"1.1.3-root.io.2",
"1.2.10-root.io.2",
"1.2.9-root.io.2",
"1.5.18-root.io.3",
"1.1.3-root.io.3",
"1.4.11-root.io.6",
"1.5.8-root.io.1",
"1.5.19-root.io.1",
"1.5.8-root.io.2",
"1.0.12-root.io.1",
"1.3.15-root.io.1"
]
"root.io.1"
16.0
"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2026-1225.json"
true
"1.3.15"
[
"1.2.10-aikido.2",
"1.2.9-aikido.2",
"1.5.18-aikido.3",
"1.1.3-aikido.3",
"1.4.11-aikido.6",
"1.5.19-aikido.1",
"1.5.8-aikido.2",
"1.0.12-aikido.1",
"1.3.15-aikido.1"
]
""
9.0
"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2026-1225.json"
true
"1.3.15-aikido.1"