Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability — CVE-2026-43869
GitHub · GitHub · CVE-2026-43869
ID
CVE-2026-43869
CVE-2026-43869
Date
Updated
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
high
high
CVSS
7.3
7.3
EPSS
0.00036
0.00036
Summary
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version [0.23.0](https://github.com/apache/thrift/releases/tag/v0.23.0), which fixes the issue.
Product
maven: org.apache.thrift:libthrift
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat as actively risky).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.