High severity7.5NVD Advisory· Published Apr 28, 2026· Updated Apr 28, 2026
CVE-2026-41602
CVE-2026-41602
Description
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/apache/thriftGo | < 0.23.0 | 0.23.0 |
Affected products
162- osv-coords161 versionspkg:apk/chainguard/agentbeatpkg:apk/chainguard/agentbeat-fipspkg:apk/chainguard/amazon-cloudwatch-agentpkg:apk/chainguard/amazon-cloudwatch-agent-fipspkg:apk/chainguard/apm-server-8.19pkg:apk/chainguard/apm-server-fips-8.19pkg:apk/chainguard/aws-otel-collectorpkg:apk/chainguard/aws-otel-collector-fipspkg:apk/chainguard/bentopkg:apk/chainguard/bento-fipspkg:apk/chainguard/dapr-daprd-1.16pkg:apk/chainguard/dapr-daprd-fips-1.16pkg:apk/chainguard/datadog-agent-7.75-fullpkg:apk/chainguard/datadog-agent-7.76-fullpkg:apk/chainguard/datadog-agent-7.77-fullpkg:apk/chainguard/datadog-agent-7.78-fullpkg:apk/chainguard/datadog-agent-fips-7.73-fullpkg:apk/chainguard/datadog-agent-fips-7.76-fullpkg:apk/chainguard/datadog-agent-fips-7.77-fullpkg:apk/chainguard/datadog-agent-fips-7.78-fullpkg:apk/chainguard/elastic-agent-8.19pkg:apk/chainguard/elastic-agent-9.2pkg:apk/chainguard/elastic-agent-9.4pkg:apk/chainguard/elastic-agent-fips-8.19pkg:apk/chainguard/elastic-agent-fips-9.2pkg:apk/chainguard/elastic-agent-fips-9.4pkg:apk/chainguard/elastic-otel-collector-9.3pkg:apk/chainguard/elastic-otel-collector-9.4pkg:apk/chainguard/elastic-otel-collector-fips-9.3pkg:apk/chainguard/falcosidekickpkg:apk/chainguard/falcosidekick-fipspkg:apk/chainguard/filebeat-8.17pkg:apk/chainguard/filebeat-8.19pkg:apk/chainguard/filebeat-9.0pkg:apk/chainguard/filebeat-9.1pkg:apk/chainguard/filebeat-9.2pkg:apk/chainguard/filebeat-9.3pkg:apk/chainguard/filebeat-9.4pkg:apk/chainguard/filebeat-fips-8.17pkg:apk/chainguard/filebeat-fips-8.19pkg:apk/chainguard/filebeat-fips-9.0pkg:apk/chainguard/filebeat-fips-9.1pkg:apk/chainguard/filebeat-fips-9.2pkg:apk/chainguard/filebeat-fips-9.3pkg:apk/chainguard/filebeat-fips-9.4pkg:apk/chainguard/grafana-11.6pkg:apk/chainguard/grafana-12.2pkg:apk/chainguard/grafana-12.3pkg:apk/chainguard/grafana-12.4pkg:apk/chainguard/grafana-13.0pkg:apk/chainguard/grafana-alloypkg:apk/chainguard/grafana-alloy-fipspkg:apk/chainguard/grafana-fips-11.6pkg:apk/chainguard/grafana-fips-12.2pkg:apk/chainguard/grafana-fips-12.3pkg:apk/chainguard/grafana-fips-12.4pkg:apk/chainguard/grafana-fips-13.0pkg:apk/chainguard/jaeger-2-fips-jaegerpkg:apk/chainguard/jaeger-2-fips-remote-storagepkg:apk/chainguard/jaeger-2-remote-storagepkg:apk/chainguard/jitsucom-bulker-bulkerpkg:apk/chainguard/jitsucom-bulker-sidecarpkg:apk/chainguard/loki-3.7pkg:apk/chainguard/loki-3.7-logclipkg:apk/chainguard/loki-fips-3.7pkg:apk/chainguard/loki-fips-3.7-logclipkg:apk/chainguard/milvus-2.5pkg:apk/chainguard/milvus-2.6pkg:apk/chainguard/miniopkg:apk/chainguard/minio-fipspkg:apk/chainguard/nri-cassandra-fipspkg:apk/chainguard/nri-cassandra-jdk11pkg:apk/chainguard/nri-jmx-fipspkg:apk/chainguard/nri-jmx-jdk11pkg:apk/chainguard/nri-kafkapkg:apk/chainguard/nri-kafka-fipspkg:apk/chainguard/opentelemetry-collectorpkg:apk/chainguard/opentelemetry-collector-contribpkg:apk/chainguard/opentelemetry-collector-contrib-fipspkg:apk/chainguard/opentelemetry-collector-fipspkg:apk/chainguard/peerdb-flowpkg:apk/chainguard/plutonopkg:apk/chainguard/plutono-fipspkg:apk/chainguard/seaweedfspkg:apk/chainguard/seaweedfs-fipspkg:apk/chainguard/seaweedfs-rocksdb-fipspkg:apk/chainguard/splunk-otel-collectorpkg:apk/chainguard/splunk-otel-collector-fipspkg:apk/chainguard/telegraf-1.37pkg:apk/chainguard/telegraf-1.38pkg:apk/chainguard/tempo-2.10pkg:apk/chainguard/tempo-2.10-clipkg:apk/chainguard/tempo-2.10-querypkg:apk/chainguard/tempo-2.10-vulturepkg:apk/chainguard/tempo-2.8pkg:apk/chainguard/tempo-2.8-clipkg:apk/chainguard/tempo-2.8-querypkg:apk/chainguard/tempo-2.8-vulturepkg:apk/chainguard/tempo-2.9pkg:apk/chainguard/tempo-2.9-clipkg:apk/chainguard/tempo-2.9-querypkg:apk/chainguard/tempo-2.9-vulturepkg:apk/chainguard/tempo-fips-2.10pkg:apk/chainguard/tempo-fips-2.10-clipkg:apk/chainguard/tempo-fips-2.10-querypkg:apk/chainguard/tempo-fips-2.10-vulturepkg:apk/chainguard/tempo-fips-2.8pkg:apk/chainguard/tempo-fips-2.8-clipkg:apk/chainguard/tempo-fips-2.8-querypkg:apk/chainguard/tempo-fips-2.8-vulturepkg:apk/chainguard/tempo-fips-2.9pkg:apk/chainguard/tempo-fips-2.9-clipkg:apk/chainguard/tempo-fips-2.9-querypkg:apk/chainguard/tempo-fips-2.9-vulturepkg:apk/chainguard/temporalpkg:apk/chainguard/temporal-fipspkg:apk/chainguard/temporal-serverpkg:apk/chainguard/temporal-server-fipspkg:apk/chainguard/vault-2.0pkg:apk/chainguard/vault-fips-2.0pkg:apk/wolfi/amazon-cloudwatch-agentpkg:apk/wolfi/aws-otel-collectorpkg:apk/wolfi/bentopkg:apk/wolfi/dapr-daprd-1.16pkg:apk/wolfi/datadog-agent-7.77-fullpkg:apk/wolfi/datadog-agent-7.78-fullpkg:apk/wolfi/falcosidekickpkg:apk/wolfi/grafana-12.2pkg:apk/wolfi/grafana-12.3pkg:apk/wolfi/grafana-12.4pkg:apk/wolfi/grafana-13.0pkg:apk/wolfi/grafana-alloypkg:apk/wolfi/jaeger-2-remote-storagepkg:apk/wolfi/jitsucom-bulker-bulkerpkg:apk/wolfi/jitsucom-bulker-sidecarpkg:apk/wolfi/loki-3.7pkg:apk/wolfi/loki-3.7-logclipkg:apk/wolfi/miniopkg:apk/wolfi/nri-cassandra-jdk11pkg:apk/wolfi/nri-jmx-jdk11pkg:apk/wolfi/nri-kafkapkg:apk/wolfi/opentelemetry-collectorpkg:apk/wolfi/opentelemetry-collector-contribpkg:apk/wolfi/seaweedfspkg:apk/wolfi/splunk-otel-collectorpkg:apk/wolfi/telegraf-1.37pkg:apk/wolfi/telegraf-1.38pkg:apk/wolfi/tempo-2.10pkg:apk/wolfi/tempo-2.10-clipkg:apk/wolfi/tempo-2.10-querypkg:apk/wolfi/tempo-2.10-vulturepkg:apk/wolfi/temporalpkg:apk/wolfi/temporal-serverpkg:bitnami/thriftpkg:golang/github.com/apache/thriftpkg:rpm/opensuse/alloy&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/amazon-cloudwatch-agent&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/grafana&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/thrift&distro=openSUSE%20Tumbleweedpkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
< 9.2.7-r9+ 160 more
- (no CPE)range: < 9.2.7-r9
- (no CPE)range: < 9.2.7-r9
- (no CPE)range: < 1.300068.0-r1
- (no CPE)range: < 1.300068.0-r1
- (no CPE)range: < 8.19.15-r1
- (no CPE)range: < 8.19.15-r1
- (no CPE)range: < 0.47.0-r15
- (no CPE)range: < 0.47.0-r11
- (no CPE)range: < 1.17.0-r5
- (no CPE)range: < 1.17.0-r3
- (no CPE)range: < 1.16.14-r3
- (no CPE)range: < 1.16.14-r3
- (no CPE)range: < 7.75.4-r7
- (no CPE)range: < 7.76.3-r19
- (no CPE)range: < 7.77.3-r6
- (no CPE)range: < 7.78.4-r8
- (no CPE)range: < 7.73.3-r20
- (no CPE)range: < 7.76.3-r18
- (no CPE)range: < 7.77.3-r7
- (no CPE)range: < 7.78.4-r5
- (no CPE)range: < 8.19.15-r5
- (no CPE)range: < 9.2.8-r9
- (no CPE)range: < 9.4.1-r2
- (no CPE)range: < 8.19.15-r4
- (no CPE)range: < 9.2.8-r8
- (no CPE)range: < 9.4.0-r1
- (no CPE)range: < 9.3.4-r4
- (no CPE)range: < 9.4.1-r2
- (no CPE)range: < 9.3.4-r4
- (no CPE)range: < 2.33.0-r6
- (no CPE)range: < 2.33.0-r5
- (no CPE)range: < 8.17.10-r20
- (no CPE)range: < 8.19.15-r1
- (no CPE)range: < 9.0.8-r21
- (no CPE)range: < 9.1.10-r15
- (no CPE)range: < 9.2.8-r8
- (no CPE)range: < 9.3.5-r0
- (no CPE)range: < 9.4.2-r0
- (no CPE)range: < 8.17.10-r19
- (no CPE)range: < 8.19.16-r0
- (no CPE)range: < 9.0.8-r22
- (no CPE)range: < 9.1.10-r17
- (no CPE)range: < 9.2.8-r10
- (no CPE)range: < 9.3.4-r5
- (no CPE)range: < 9.4.1-r2
- (no CPE)range: < 11.6.14.04-r3
- (no CPE)range: < 12.2.8.04-r1
- (no CPE)range: < 12.3.6.04-r1
- (no CPE)range: < 12.4.2-r13
- (no CPE)range: < 13.0.1-r7
- (no CPE)range: < 1.15.1-r4
- (no CPE)range: < 1.15.1-r3
- (no CPE)range: < 11.6.14.04-r1
- (no CPE)range: < 12.2.8.04-r1
- (no CPE)range: < 12.3.6.04-r2
- (no CPE)range: < 12.4.2-r13
- (no CPE)range: < 13.0.1-r4
- (no CPE)range: < 2.17.0-r5
- (no CPE)range: < 2.17.0-r5
- (no CPE)range: < 2.17.0-r8
- (no CPE)range: < 2.11.913-r27
- (no CPE)range: < 2.11.913-r27
- (no CPE)range: < 3.7.2-r1
- (no CPE)range: < 3.7.2-r1
- (no CPE)range: < 3.7.2-r1
- (no CPE)range: < 3.7.2-r1
- (no CPE)range: < 2.5.27-r10
- (no CPE)range: < 2.6.14-r5
- (no CPE)range: < 0.20260512.133534-r0
- (no CPE)range: < 0.20260512.133534-r0
- (no CPE)range: < 2.19.0-r1
- (no CPE)range: < 2.19.0-r1
- (no CPE)range: < 3.13.0-r1
- (no CPE)range: < 3.13.0-r1
- (no CPE)range: < 3.18.0-r1
- (no CPE)range: < 3.18.0-r1
- (no CPE)range: < 0.152.1-r0
- (no CPE)range: < 0.151.0-r0
- (no CPE)range: < 0.151.0-r0
- (no CPE)range: < 0.152.0-r0
- (no CPE)range: < 0.36.18-r3
- (no CPE)range: < 7.5.49-r1
- (no CPE)range: < 7.5.49-r1
- (no CPE)range: < 4.23-r2
- (no CPE)range: < 4.26-r1
- (no CPE)range: < 4.21-r0
- (no CPE)range: < 0.152.0-r0
- (no CPE)range: < 0.151.0-r1
- (no CPE)range: < 1.37.3-r15
- (no CPE)range: < 1.38.3-r4
- (no CPE)range: < 2.10.5-r4
- (no CPE)range: < 2.10.5-r4
- (no CPE)range: < 2.10.5-r4
- (no CPE)range: < 2.10.5-r4
- (no CPE)range: < 2.8.4-r3
- (no CPE)range: < 2.8.4-r3
- (no CPE)range: < 2.8.4-r3
- (no CPE)range: < 2.8.4-r3
- (no CPE)range: < 2.9.2-r3
- (no CPE)range: < 2.9.2-r3
- (no CPE)range: < 2.9.2-r3
- (no CPE)range: < 2.9.2-r3
- (no CPE)range: < 2.10.5-r1
- (no CPE)range: < 2.10.5-r1
- (no CPE)range: < 2.10.5-r1
- (no CPE)range: < 2.10.5-r1
- (no CPE)range: < 2.8.3-r7
- (no CPE)range: < 2.8.3-r7
- (no CPE)range: < 2.8.3-r7
- (no CPE)range: < 2.8.3-r7
- (no CPE)range: < 2.9.1-r9
- (no CPE)range: < 2.9.1-r9
- (no CPE)range: < 2.9.1-r9
- (no CPE)range: < 2.9.1-r9
- (no CPE)range: < 1.7.0-r3
- (no CPE)range: < 1.7.0-r3
- (no CPE)range: < 1.31.0-r0
- (no CPE)range: < 1.30.4-r2
- (no CPE)range: < 2.0.0-r2
- (no CPE)range: < 2.0.0-r2
- (no CPE)range: < 1.300068.0-r1
- (no CPE)range: < 0.47.0-r15
- (no CPE)range: < 1.17.0-r5
- (no CPE)range: < 1.16.14-r3
- (no CPE)range: < 7.77.3-r6
- (no CPE)range: < 7.78.4-r8
- (no CPE)range: < 2.33.0-r6
- (no CPE)range: < 12.2.8.04-r1
- (no CPE)range: < 12.3.6.04-r1
- (no CPE)range: < 12.4.2-r13
- (no CPE)range: < 13.0.1-r7
- (no CPE)range: < 1.15.1-r4
- (no CPE)range: < 2.17.0-r8
- (no CPE)range: < 2.11.913-r27
- (no CPE)range: < 2.11.913-r27
- (no CPE)range: < 3.7.2-r1
- (no CPE)range: < 3.7.2-r1
- (no CPE)range: < 0.20260512.133534-r0
- (no CPE)range: < 2.19.0-r1
- (no CPE)range: < 3.13.0-r1
- (no CPE)range: < 3.18.0-r1
- (no CPE)range: < 0.152.1-r0
- (no CPE)range: < 0.151.0-r0
- (no CPE)range: < 4.23-r2
- (no CPE)range: < 0.152.0-r0
- (no CPE)range: < 1.37.3-r15
- (no CPE)range: < 1.38.3-r4
- (no CPE)range: < 2.10.5-r4
- (no CPE)range: < 2.10.5-r4
- (no CPE)range: < 2.10.5-r4
- (no CPE)range: < 2.10.5-r4
- (no CPE)range: < 1.7.0-r3
- (no CPE)range: < 1.31.0-r0
- (no CPE)range: < 0.23.0
- (no CPE)range: < 0.23.0
- (no CPE)range: < 1.16.1-1.1
- (no CPE)range: < 1.300066.1-1.1
- (no CPE)range: < 11.6.14+security04-bp160.1.1
- (no CPE)range: < 11.6.14+security01-3.1
- (no CPE)range: < 0.23.0-1.1
- (no CPE)range: < 1.16.1-150700.15.20.1
Patches
Vulnerability mechanics
References
4- lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwqlnvdMailing ListPatchRelease NotesWEB
- github.com/advisories/GHSA-wf45-q9ch-q8ghghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-41602ghsaADVISORY
- www.openwall.com/lists/oss-security/2026/04/28/6nvdMailing ListWEB
News mentions
0No linked articles in our index yet.