Apache Thrift <0.23.0: Uncontrolled Recursion Vulnerability: CVE-2026-41606 April 2026

Apache Thrift: c_glib dispatch stack overflow
Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vulnerability Analysis

CVE-2026-41606 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

What is a Stack Exhaustion Vulnerability?

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

CVE-2026-41606 has been classified to as a Stack Exhaustion vulnerability or weakness.

Products Associated with CVE-2026-41606

Want to know whenever a new CVE is published for Apache Thrift? stack.watch will email you.

Apache Thrift <0.23.0: Uncontrolled Recursion Vulnerability
CVE-2026-41606 Published on April 28, 2026

Vulnerability Analysis

Weakness Type

What is a Stack Exhaustion Vulnerability?

Products Associated with CVE-2026-41606

Affected Versions

Apache Thrift <0.23.0: Uncontrolled Recursion VulnerabilityCVE-2026-41606 Published on April 28, 2026

Vulnerability Analysis

Weakness Type

What is a Stack Exhaustion Vulnerability?

Products Associated with CVE-2026-41606

Affected Versions

Apache Thrift <0.23.0: Uncontrolled Recursion Vulnerability
CVE-2026-41606 Published on April 28, 2026