Apache Thrift — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in Apache Thrift, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

CVE ID	Title	CVSS	Severity	Published
CVE-2026-43868	Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern CWE-789	9.1	-	2026-05-05
CVE-2026-43870	Apache Thrift: Node.js web_server.js multi-vulnerability CWE-346	7.5	-	2026-05-05
CVE-2026-43869	Apache Thrift: TSSLTransportFactory.java hostname verification CWE-297	7.5	-	2026-05-05
CVE-2026-41636	Apache Thrift: Node.js skip() recursion CWE-674	7.5^AI	High^AI	2026-04-28
CVE-2026-41607	Apache Thrift: C++ JSON OOB read CWE-125	7.5^AI	High^AI	2026-04-28
CVE-2026-41606	Apache Thrift: c_glib dispatch stack overflow CWE-674	7.5^AI	High^AI	2026-04-28
CVE-2026-41605	Apache Thrift: Swift Compact Protocol integer overflow CWE-190	9.8^AI	Critical^AI	2026-04-28
CVE-2026-41604	Apache Thrift: Swift Range crash in skip() CWE-125	7.5^AI	High^AI	2026-04-28
CVE-2026-41603	Apache Thrift: Java TSSLTransportFactory hostname verification CWE-297	7.5^AI	High^AI	2026-04-28
CVE-2026-41602	Apache Thrift: Go TFramedTransport uint32 overflow CWE-190	9.8^AI	Critical^AI	2026-04-28
CVE-2025-48431	Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. CWE-762	7.5^AI	High^AI	2026-04-28
CVE-2020-13949	Apache Thrift 资源管理错误漏洞	7.5	-	2021-02-12
CVE-2019-0205	Apache Thrift 安全漏洞	7.5	-	2019-10-28
CVE-2019-0210	Apache Thrift 缓冲区错误漏洞	7.5	-	2019-10-28
CVE-2018-1320	Apache Thrift 信任管理问题漏洞	7.5	-	2019-01-07
CVE-2018-11798	Apache Thrift Node.js static web服务器访问控制错误漏洞	6.5	-	2019-01-07
CVE-2016-5397	Apache Thrift Go client库安全漏洞	9.8	-	2018-02-12

All 17 known CVE vulnerabilities affecting Apache Thrift with full Chinese analysis, references, and POCs where available.