CVE-2026-43869: Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability

May 5, 2026 (updated May 8, 2026)

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

References

github.com/advisories/GHSA-7pwc-h2j2-rjgj
github.com/apache/thrift
github.com/apache/thrift/commit/0919c3d5506151514e283a63e1fe1ce83e2449d8
github.com/apache/thrift/releases/tag/v0.23.0
lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r
nvd.nist.gov/vuln/detail/CVE-2026-43869

Code Behaviors & Features

Detect and mitigate CVE-2026-43869 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →