CVE-2026-43869
Host Mismatch Certificate Validation Flaw in Apache Thrift
Publication date: 2026-05-05
Last updated on: 2026-05-06
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | thrift | to 0.23.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-297 | The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Validation of Certificate with Host Mismatch in Apache Thrift. It means that the software does not correctly verify that the certificate presented matches the host it is supposed to represent, which can lead to security issues.
How can this vulnerability impact me? :
Because the certificate validation is improper, an attacker could potentially perform man-in-the-middle attacks or impersonate a trusted host, leading to unauthorized access or data interception.
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache Thrift to version 0.23.0, which fixes the Improper Validation of Certificate with Host Mismatch vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-43869 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.