Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Apache Thrift — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in Apache Thrift, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known security vulnerabilities associated with the Apache Thrift software framework, specifically categorized under common weakness types found in distributed systems. It collects data regarding various flaw categories, including remote code execution, denial of service, and information disclosure issues, covering a comprehensive time range from initial public disclosures through the present day. Here, you can track a vendor's advisories to stay updated on the latest patch releases and mitigation strategies issued by the Apache Software Foundation. The page allows users to understand a weakness class by examining how specific flaws manifest within the Thrift serialization and RPC architecture, providing context on the root causes and potential attack vectors. Additionally, you can look up a product's vulnerability history to analyze trends in security reporting and resolution times for Apache Thrift releases. This resource is designed for security analysts, developers, and system administrators who need to assess the risk posture of applications utilizing the Thrift protocol. By consolidating these details, the page facilitates a clearer understanding of the security landscape surrounding this widely used interoperability library. Readers can use the information to prioritize remediation efforts, evaluate the impact of unpatched systems, and ensure compliance with internal security policies. The content is structured to support efficient decision-making regarding software maintenance and upgrade schedules without requiring deep technical expertise in every specific vulnerability mechanism.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPublished
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern CWE-789 9.1 -2026-05-05
CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability CWE-346 7.5 -2026-05-05
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification CWE-297 7.5 -2026-05-05
CVE-2026-41636 Apache Thrift: Node.js skip() recursion CWE-674 7.5AIHighAI2026-04-28
CVE-2026-41607 Apache Thrift: C++ JSON OOB read CWE-125 7.5AIHighAI2026-04-28
CVE-2026-41606 Apache Thrift: c_glib dispatch stack overflow CWE-674 7.5AIHighAI2026-04-28
CVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow CWE-190 9.8AICriticalAI2026-04-28
CVE-2026-41604 Apache Thrift: Swift Range crash in skip() CWE-125 7.5AIHighAI2026-04-28
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification CWE-297 7.5AIHighAI2026-04-28
CVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflow CWE-190 9.8AICriticalAI2026-04-28
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. CWE-762 7.5AIHighAI2026-04-28
CVE-2020-13949 Apache Thrift 资源管理错误漏洞 7.5 -2021-02-12
CVE-2019-0205 Apache Thrift 安全漏洞 7.5 -2019-10-28
CVE-2019-0210 Apache Thrift 缓冲区错误漏洞 7.5 -2019-10-28
CVE-2018-1320 Apache Thrift 信任管理问题漏洞 7.5 -2019-01-07
CVE-2018-11798 Apache Thrift Node.js static web服务器访问控制错误漏洞 6.5 -2019-01-07
CVE-2016-5397 Apache Thrift Go client库安全漏洞 9.8 -2018-02-12

All 17 known CVE vulnerabilities affecting Apache Thrift with full Chinese analysis, references, and POCs where available.