CVE-2026-41636
Uncontrolled Recursion Vulnerability in Apache Thrift Node.js Bindings
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | thrift | to 0.23.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-41636 is an Uncontrolled Recursion vulnerability affecting Apache Thrift Node.js bindings in versions prior to 0.23.0.
This security flaw allows for uncontrolled recursive calls, which can cause the program to behave unexpectedly or crash.
How can this vulnerability impact me? :
The uncontrolled recursion can lead to denial of service or other unintended behavior in applications using affected versions of Apache Thrift Node.js bindings.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings, users should upgrade Apache Thrift to version 0.23.0 or later, where the issue has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings affects compliance with common standards and regulations such as GDPR or HIPAA.