HIGHCVE-2026-41636Published 2026-04-28Modified 2026-04-28CNA apache

CVE-2026-41636: Apache Thrift: Node.js skip() recursion

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: 0.23.0
Affected Products: 1

Fix available

0.23.0

Affected packages

Apache Software Foundation / Apache Thrift
< 0.23.0 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

References

lists.apache.org

Metrics

Fix available