CVE Fyi : org.apache.thrift:libthrift:0.22.0 and CVE-2026-41604 41602
16 views
Skip to first unread message
granada Coder
Apr 30, 2026, 4:24:55 PM (9 days ago) Apr 30
to HAPI FHIR
| +--- ca.uhn.hapi.fhir:hapi-fhir-structures-r4:8.8.1
| | +--- org.apache.jena:jena-shex:5.5.0
| | | \--- org.apache.jena:jena-arq:5.5.0
| | | +--- org.apache.thrift :libthrift: 0.22.0
| | +--- org.apache.jena:jena-shex:5.5.0
| | | \--- org.apache.jena:jena-arq:5.5.0
| | | +--- org.apache.thrift :libthrift: 0.22.0
is "released" ( released this 3 days ago aka, April 26 or 27, 2026)
but has not "replicated" out to :
yet
+----------------+----------+------+-----------+---------+-----------------+-----------+------------+----------------------------------------------------+
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | DESCRIPTION |
+----------------+----------+------+-----------+---------+-----------------+-----------+------------+----------------------------------------------------+
| CVE-2026-41604 | high | 8.20 | libthrift | 0.22.0 | fixed in 0.23.0 | 2 days | < 1 hour | Out-of-bounds Read vulnerability in Apache Thrift. |
| | | | | | 1 days ago | | | This issue affects Apache Thrift: before 0.23.0. |
| | | | | | | | | Users are recommended to upgrade to version |
| | | | | | | | | 0.23... |
+----------------+----------+------+-----------+---------+-----------------+-----------+------------+----------------------------------------------------+
| CVE-2026-41602 | high | 7.50 | libthrift | 0.22.0 | fixed in 0.23.0 | 2 days | < 1 hour | Integer Overflow or Wraparound vulnerability |
| | | | | | 1 days ago | | | in Apache Thrift TFramedTransport Go language |
| | | | | | | | | implementation This issue affects Apache Thrift: |
| | | | | | | | | before 0.... |
+----------------+----------+------+-----------+---------+-----------------+-----------+------------+----------------------------------------------------+
| CVE-2025-48431 | high | 7.50 | libthrift | 0.22.0 | fixed in 0.23.0 | 2 days | < 1 hour | Mismatched Memory Management Routines |
| | | | | | 1 days ago | | | vulnerability in Apache Thrift c_glib language |
| | | | | | | | | bindings. This issue affects Apache Thrift: |
| | | | | | | | | before 0.23.0. User... |
+----------------+----------+------+-----------+---------+-----------------+-----------+------------+----------------------------------------------------+
| CVE-2026-41603 | high | 7.40 | libthrift | 0.22.0 | fixed in 0.23.0 | 2 days | < 1 hour | Improper Validation of Certificate with Host |
| | | | | | 1 days ago | | | Mismatch vulnerability in Apache Thrift. This |
| | | | | | | | | issue affects Apache Thrift: before 0.23.0. Users |
| | | | | | | | | are rec... |
+----------------+----------+------+-----------+---------+-----------------+-----------+------------+----------------------------------------------------+
| CVE-2026-41605 | high | 7.30 | libthrift | 0.22.0 | fixed in 0.23.0 | 2 days | < 1 hour | Integer Overflow or Wraparound vulnerability in |
| | | | | | 1 days ago | | | Apache Thrift. This issue affects Apache Thrift: |
| | | | | | | | | before 0.23.0. Users are recommended to upgrade |
| | | | | | | | | to ...
Reply all
Reply to author
Forward
0 new messages