CVE-2026-41602
published 2026-04-28CVE-2026-41602: Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | thrift | < 0.23.0 | 0.23.0 |
| apache_software_foundation | apache_thrift | < 0.23.0 | 0.23.0 |
| github.com | apache_thrift | >= 0 < 0.23.0 | 0.23.0 |
| multicluster-globalhub | multicluster-globalhub-grafana-rhel8 | — | — |
| multicluster-globalhub | multicluster-globalhub-grafana-rhel9 | — | — |
| openshift-gitops-1 | argocd-rhel8 | — | — |
| openshift-gitops-1 | argocd-rhel9 | — | — |
| openshift-service-mesh | istio-rhel8-operator | — | — |
| openshift4 | oc-mirror-plugin-rhel9 | — | — |
| rhacm2 | acm-grafana-rhel9 | — | — |
| rhaiis | vllm-cpu-rhel9 | — | — |
| rhaiis | vllm-tpu-rhel9 | — | — |
| rhceph | alloy-rhel10 | — | — |
| rhceph | grafana-rhel10 | — | — |
| rhceph | rhceph-6-dashboard-rhel9 | — | — |
| rhceph | snmp-notifier-rhel10 | — | — |
| rhceph | snmp-notifier-rhel8 | — | — |
| rhceph | snmp-notifier-rhel9 | — | — |
| rhoai | odh-model-registry-rhel9 | — | — |
| rhosdt | opentelemetry-collector-rhel9 | — | — |
| rhosdt | tempo-jaeger-query-rhel9 | — | — |
| rhosdt | tempo-query-rhel9 | — | — |
| rhosdt | tempo-rhel9 | — | — |
| rhoso-operators | openstack-operator-bundle | — | — |