Improper Certificate Validation in Apache Thrift by Apache
CVE-2026-41603

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Thrift
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-41603?

An improper validation of certificates with host mismatch vulnerability exists in Apache Thrift, impacting versions prior to 0.23.0. This flaw can lead to potential security risks, making it crucial for users to upgrade to the latest version to mitigate threats and improve security measures.

Affected Version(s)

Apache Thrift 0 < 0.23.0

References

https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925p...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Apr 21, 2026

CVE-2026-41603 Data

JSON