CVE-2026-43869 PUBLISHED

Apache Thrift: TSSLTransportFactory.java hostname verification

Assigner: apache
Reserved: 04.05.2026 Published: 05.05.2026 Updated: 05.05.2026

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache Thrift
Versions Default: unaffected
  • affected from 0 to 0.23.0 (excl.)

References

Problem Types

  • CWE-297 Improper Validation of Certificate with Host Mismatch CWE