CVE-2026-43870

ADVISORY - nist

Summary

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

EPSS Score⁠: 0.00006 (0.003)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-113⁠

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-346⁠

Origin Validation Error

CWE-400⁠

Uncontrolled Resource Consumption

Impacted images

Advisories

NIST

CREATED

2 days ago

UPDATED

11 hours ago

ADVISORY IDCVE-2026-43870⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-113⁠CWE-22⁠CWE-346⁠CWE-400⁠

CVSS SCORE

7.3high

Alpine

CREATED

7 hours ago

UPDATED

7 hours ago

ADVISORY IDCVE-2026-43870⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

2 days ago

UPDATED

21 hours ago

ADVISORY IDCVE-2026-43870⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

23 hours ago

UPDATED

23 hours ago

ADVISORY IDCVE-2026-43870⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium