CVE-2026-43870
published 2026-05-05CVE-2026-43870: Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP…
high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | thrift | < 0.23.0 | 0.23.0 |
| apache | thrift | 0 – 0.22.0 | — |
| apache_software_foundation | apache_thrift | < 0.23.0 | 0.23.0 |