Medium severity 5.3 · NVD Advisory · Published May 5, 2026 · Updated May 6, 2026
CVE-2026-43868
Description
Memory Allocation with Excessive Size Value vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| thrift (crates.io) | <= 0.22.0 | — |
Affected products
- osv-coords: 2 versions (< 0.23.0, + 1 more)
- (no CPE) range: < 0.23.0
- (no CPE) range: <= 0.22.0
References
- github.com/advisories/GHSA-2f9f-gq7v-9h6m (ghsa, ADVISORY)
- lists.apache.org/thread/zj76dtwnbbs1m7z3focf4wd51pqpsmn9 (nvd, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-43868 (ghsa, ADVISORY)
- github.com/apache/thrift/commit/d5152211af61f850ec393604316804096dd4632e (ghsa, WEB)
News mentions
- Patch Tuesday - May 2026 (Rapid7 Blog, May 13, 2026)