Out-of-bounds Read Vulnerability in Apache Thrift by Apache
CVE-2026-41607

Currently unrated

Key Information:

Vendor: Apache

CVE Published: 28 April 2026

What is CVE-2026-41607?

An out-of-bounds read vulnerability has been identified in Apache Thrift, affecting versions prior to 0.23.0. The flaw can potentially allow attackers to read sensitive information from memory outside the intended boundaries. To mitigate the risk, users are strongly encouraged to upgrade to version 0.23.0 or later, which includes the security fixes for this issue.

Affected Version(s)

Apache Thrift 0 < 0.23.0

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hasnain Lakhani