High severity 7.3 · NVD Advisory · Published May 5, 2026 · Updated May 6, 2026
CVE-2026-43869
Description
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.thrift:libthrift (Maven) | < 0.23.0 | 0.23.0 |
Affected products
- osv-coords (7 versions):
  - pkg:apk/chainguard/spark-4.0-scala-2.13
  - pkg:apk/chainguard/spark-fips-4.1-scala-2.13
  - pkg:apk/chainguard/zipkin
  - pkg:apk/wolfi/spark-4.0-scala-2.13
  - pkg:apk/wolfi/zipkin
  - pkg:bitnami/thrift
  - pkg:maven/org.apache.thrift/libthrift
- (no CPE) range: < 4.0.2-r11
- (no CPE) range: < 4.1.1-r13
- (no CPE) range: < 3.6.1-r6
- (no CPE) range: < 4.0.2-r11
- (no CPE) range: < 3.6.1-r6
- (no CPE) range: < 0.23.0
- (no CPE) range: <= 0.22.0
References
- www.openwall.com/lists/oss-security/2026/05/05/3 (nvd: Mailing List, Third Party Advisory; WEB)
- github.com/advisories/GHSA-7pwc-h2j2-rjgj (ghsa: ADVISORY)
- lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r (nvd: Vendor Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-43869 (ghsa: ADVISORY)
- github.com/apache/thrift/commit/0919c3d5506151514e283a63e1fe1ce83e2449d8 (ghsa: WEB)
- github.com/apache/thrift/releases/tag/v0.23.0 (ghsa: WEB)
News mentions
- Patch Tuesday - May 2026 (Rapid7 Blog · May 13, 2026)