Improper Validation Vulnerability in Apache Thrift by Apache
CVE-2026-43869

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Thrift
Vendor: CVE Published:; 5 May 2026

What is CVE-2026-43869?

An improper validation of certificate with host mismatch vulnerability in Apache Thrift exposes users to potential security risks. This flaw, present in versions prior to 0.23.0, can result in severe security implications if not addressed. Users are strongly encouraged to upgrade to version 0.23.0 to mitigate this risk and ensure secure communications.

Affected Version(s)

Apache Thrift 0 < 0.23.0

References

https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dh...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2026
Vulnerability Reserved
May 4, 2026

CVE-2026-43869 Data

JSON