CVE-2026-43870

ADVISORY - nist

Summary

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

EPSS Score⁠: 0.00006 (0.003)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-113⁠

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-346⁠

Origin Validation Error

CWE-400⁠

Uncontrolled Resource Consumption

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.