oss-sec mailing list archives

CVE-2026-41605: Apache Thrift: Swift Compact Protocol integer overflow


From: Jens Geyer <jensg () apache org>
Date: Tue, 28 Apr 2026 00:00:24 +0000

Severity: important 

Affected versions:

- Apache Thrift before 0.23.0

Description:

Integer Overflow or Wraparound vulnerability in Apache Thrift.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Credit:

Hasnain Lakhani (finder)

References:

https://thrift.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-41605


Current thread: