Out-of-bounds Read Vulnerability in Apache Thrift from Apache
CVE-2026-41604

Currently unrated

Key Information:

Vendor

Apache

CVE Published:
28 April 2026

What is CVE-2026-41604?

An out-of-bounds read vulnerability exists in Apache Thrift, impacting versions prior to 0.23.0. This flaw could lead to unauthorized access to sensitive data or exposure of application internals, jeopardizing the confidentiality of user information. Users are strongly advised to upgrade to version 0.23.0 to mitigate potential security risks.

Affected Version(s)

Apache Thrift: versions from 0 up to, but not including, 0.23.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hasnain Lakhani