CVE-2026-43870
ADVISORY - githubSummary
Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
EPSS Score: 0.00027 (0.079)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - github
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
NIST
CVSS SCORE
7.3highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-526f-jxpj-jmg2
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.3highAlpine
CREATED
UPDATED
ADVISORY IDCVE-2026-43870
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2026-43870
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-43870
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-thrift-2026-43870
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.3highChainguard
CREATED
UPDATED
ADVISORY ID
CGA-7x3g-pvgv-84c9
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-9xf9-jx38-6vjg
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-rx7f-g837-9vg8
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-