PT-2026-35685 · Apache · Apache Thrift

Jens Geyer · Published 2026-04-28 · Updated 2026-04-29 · CVE-2026-41603

CVSS v3.1: 7.4 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apache Thrift versions prior to 0.23.0

Description: Improper validation of certificates with host mismatch occurs in the Java TSSLTransportFactory hostname verification process.

Recommendations: Upgrade to version 0.23.0.

Fix

Missing Authentication


Weakness Enumeration

Related Identifiers

BIT-THRIFT-2026-41603
CVE-2026-41603

Affected Products

Apache Thrift