CVE-2026-41606
Modified
Modified - Updated After Analysis
Uncontrolled Recursion Vulnerability in Apache Thrift Before
Vulnerability report for CVE-2026-41606, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-28
Last updated on: 2026-06-30
Assigner: Apache Software Foundation
Description
Description
Uncontrolled Recursion vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | thrift | to 0.23.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-606 | The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping. |
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |