Important: Red Hat Security Advisory: Red Hat build of Cryostat security update
An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
ROOT-APP-GOBINARY-CVE-2026-41602 CVE-2026-41602 in rootio-github.com/apache/thrift - Patched by Root
Root has patched CVE-2026-41602 in the rootio-github.com/apache/thrift package for Root:Go. Multiple fixed versions available...
Apache Thrift: Apache Thrift: Denial of Service via excessive memory allocation
A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...
Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...
ROOT-APP-MAVEN-CVE-2026-43869 CVE-2026-43869 in io.root.org.apache.thrift:libthrift - Patched by Root
Root has patched CVE-2026-43869 in the io.root.org.apache.thrift:libthrift package for Root:Maven. Multiple fixed versions available...
VMware vRealize Network Insight - Remote Code Execution
VMware Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...
CVE-2025-48431
Mismatched Memory Management Routines vulnerability in Apache Thrift cglib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash a cglib-based Thrift server...
CVE-2026-43870
Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...
CVE-2026-43868
A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...
SUSE SLES16 Security Update : alloy (SUSE-SU-2026:21852-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21852-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing...
openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20816-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20816-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key...
CVE-2026-43869
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...
OPENSUSE-SU-2026:20816-1 Security update for alloy
This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262955. - CVE-2026-41602: github.com/apache/thrift: TFramedTransport frame size headers can lead to a uint32 integer...
Astra Linux - vulnerability in thrift
In Apache Thrift, all versions up to and including 0.12.0, a server or client may encounter an infinite loop when processing specific input data. Since this issue was partially addressed in version 0.11.0, it only affects certain language bindings, depending on the installed version...
CVE-2026-41602 affecting package thrift for versions less than 0.15.0-6
CVE-2026-41602 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...
CVE-2026-41604 affecting package thrift for versions less than 0.15.0-6
CVE-2026-41604 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...
CVE-2026-41603 affecting package thrift for versions less than 0.15.0-6
CVE-2026-41603 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...
CVE-2026-41605 affecting package thrift for versions less than 0.15.0-6
CVE-2026-41605 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...
CVE-2026-41636 affecting package thrift for versions less than 0.15.0-6
CVE-2026-41636 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...
CVE-2025-48431 affecting package thrift for versions less than 0.15.0-6
CVE-2025-48431 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...