CVE-2026-43868

CVE-2026-43868: Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Vendor Apache Software Foundation

Product Apache Thrift

Weakness CWE-789

Published May 5, 2026

Last update May 5, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Key dates

Disclosure timeline

May 5, 2026 CVE published

May 5, 2026 Record updated