Origin Validation Error and Path Traversal in Apache Thrift
CVE-2026-43870

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Thrift
Vendor: CVE Published:; 5 May 2026

What is CVE-2026-43870?

A vulnerability in Apache Thrift prior to version 0.23.0 enables origin validation errors, path traversal issues, improper handling of CRLF sequences in HTTP headers, and uncontrolled resource consumption. This can potentially allow attackers to manipulate resources or perform unauthorized actions, making it essential for users to promptly upgrade to version 0.23.0 to mitigate associated risks.

Affected Version(s)

Apache Thrift 0 < 0.23.0

References

https://lists.apache.org/thread/pgtfq44ltc9t63kxcbqmwqzt4...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2026
Vulnerability Reserved
May 4, 2026

CVE-2026-43870 Data

JSON