Apache Thrift
12 CVEs affecting Apache Thrift. Latest disclosed: 2026-05-05. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-41604 | High | 8.2 | 2026-04-28 | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which… |
| CVE-2026-41636 | High | 7.5 | 2026-04-28 | Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to v… |
| CVE-2026-41602 | High | 7.5 | 2026-04-28 | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Us… |
| CVE-2025-48431 | High | 7.5 | 2026-04-28 | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are rec… |
| CVE-2026-41603 | High | 7.4 | 2026-04-28 | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended… |
| CVE-2026-43870 | High | 7.3 | 2026-05-05 | Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Head… |
| CVE-2026-43869 | High | 7.3 | 2026-05-05 | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended… |
| CVE-2026-41605 | High | 7.3 | 2026-04-28 | Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0… |
| CVE-2026-41607 | Medium | 6.5 | 2026-04-28 | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which… |
| CVE-2015-3254 | Medium | 6.5 | 2017-06-16 | The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involvi… |
| CVE-2026-43868 | Medium | 5.3 | 2026-05-05 | Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade… |
| CVE-2026-41606 | Medium | 5.3 | 2026-04-28 | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, w… |