Integer Overflow Vulnerability in Apache Thrift by Apache
CVE-2026-41602

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Thrift
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-41602?

An Integer Overflow vulnerability exists in the Go language implementation of TFramedTransport in Apache Thrift, affecting versions prior to 0.23.0. This flaw can lead to unexpected behavior or crashes, potentially exposing systems to security risks. Users are advised to immediately upgrade to version 0.23.0 to mitigate the issue.

Affected Version(s)

Apache Thrift 0 < 0.23.0

References

https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925p...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Apr 21, 2026

Credit

김범수

CVE-2026-41602 Data

JSON