Every CVE whose affected-product data names Apache Thrift, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2016-5397 — CVSS 8.8 (high): The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting…
CVE-2026-41604 — CVSS 8.2 (high): Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to…
CVE-2018-1320 — CVSS 7.5 (high): Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the…
CVE-2019-0205 — CVSS 7.5 (high): In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input…
CVE-2020-13949 — CVSS 7.5 (high): In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation…
CVE-2025-48431 — CVSS 7.5 (high): Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before…
CVE-2026-41602 — CVSS 7.5 (high): Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift…
CVE-2019-0210 — CVSS 7.5 (high): In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid…
CVE-2026-41636 — CVSS 7.5 (high): Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are…
CVE-2026-41603 — CVSS 7.4 (high): Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0…
CVE-2026-43870 — CVSS 7.3 (high): Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF…
CVE-2026-41605 — CVSS 7.3 (high): Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to…
CVE-2026-43869 — CVSS 7.3 (high): Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0…
CVE-2026-41607 — CVSS 6.5 (medium): Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to…
CVE-2018-11798 — CVSS 6.5 (medium): The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in…
CVE-2015-3254 — CVSS 6.5 (medium): The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion)…
CVE-2026-43868 — CVSS 5.3 (medium): Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are…
CVE-2026-41606 — CVSS 5.3 (medium): Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to…