CVE-2026-41602
Integer Overflow in Apache Thrift TFramedTransport Go Module
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | thrift | to 0.23.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users of Apache Thrift should upgrade to version 0.23.0, which contains the fix for the integer overflow or wraparound issue in the Go language implementation of the TFramedTransport component.
Can you explain this vulnerability to me?
CVE-2026-41602 is an integer overflow or wraparound vulnerability found in the Go language implementation of Apache Thrift's TFramedTransport component. This means that the software improperly handles integer values, which can cause unexpected behavior or errors during its operation.
How can this vulnerability impact me? :
This vulnerability could lead to unexpected behavior or security risks when using affected versions of Apache Thrift prior to 0.23.0. Improper handling of integer values might be exploited to cause errors or potentially compromise the security of applications relying on this component.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the integer overflow or wraparound vulnerability in Apache Thrift TFramedTransport Go implementation impacts compliance with common standards and regulations such as GDPR or HIPAA.