HIGH 7.3 Maven
Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
GHSA-7pwc-h2j2-rjgj · BIT-thrift-2026-43869 · CVE-2026-43869
Published · Modified
Description
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-43869
- WEB https://github.com/apache/thrift/commit/0919c3d5506151514e283a63e1fe1ce83e2449d8
- PACKAGE https://github.com/apache/thrift
- WEB https://github.com/apache/thrift/releases/tag/v0.23.0
- WEB https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r
- WEB http://www.openwall.com/lists/oss-security/2026/05/05/3
Ready to move
Start Securing
Free, no credit card | First findings in minutes