CVE-2026-41603
HIGHDescription
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Is your site exposed to CVE-2026-41603?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | thrift |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2026-41603? +
How severe is CVE-2026-41603? +
What products are affected by CVE-2026-41603? +
How do I check if I'm vulnerable to CVE-2026-41603? +
Related Vulnerabilities
Allow attackers to intercept or falsify data exchanges between the client and the server
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. …
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain …
It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the …
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, …
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.