Uncontrolled Recursion Exposed in Apache Thrift Node.js Bindings <0.23.0
CVE-2026-41636 Published on April 28, 2026

Apache Thrift: Node.js skip() recursion
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vendor Advisory NVD

Weakness Type

What is a Stack Exhaustion Vulnerability?

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

CVE-2026-41636 has been classified to as a Stack Exhaustion vulnerability or weakness.

Products Associated with CVE-2026-41636

Want to know whenever a new CVE is published for Apache Thrift? stack.watch will email you.

Apache Thrift

Affected Versions

Apache Software Foundation Apache Thrift:

Before 0.23.0 is affected.

Uncontrolled Recursion Exposed in Apache Thrift Node.js Bindings <0.23.0CVE-2026-41636 Published on April 28, 2026

Weakness Type

What is a Stack Exhaustion Vulnerability?

Products Associated with CVE-2026-41636

Affected Versions

Uncontrolled Recursion Exposed in Apache Thrift Node.js Bindings <0.23.0
CVE-2026-41636 Published on April 28, 2026