CVE-2026-43870
Description
AI Translation Available
Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
StableCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Modify Files Or Directories
Read Files Or Directories
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
AI/ML
113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
IncompleteCommon Consequences
Security Scopes Affected:
Integrity
Access Control
Potential Impacts:
Modify Application Data
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies:
Web Based, Web Server
346
Origin Validation Error
DraftCommon Consequences
Security Scopes Affected:
Access Control
Other
Potential Impacts:
Gain Privileges Or Assume Identity
Varies By Context
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based
400
Uncontrolled Resource Consumption
DraftCommon Consequences
Security Scopes Affected:
Availability
Access Control
Other
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Resource Consumption (Other)
Bypass Protection Mechanism
Other
Applicable Platforms
Technologies:
AI/ML, Not Technology-Specific
https://lists.apache.org/thread/pgtfq44ltc9t63kxcbqmwqzt45pnhqdy