CVSS 7.5 · HIGH
CVE-2026-41636
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Analysis
Apache Thrift Node.js bindings prior to version 0.23.0 are vulnerable to uncontrolled recursion. This flaw can be exploited to crash backend services, leading to a Denial of Service. Teams using Thrift for inter-service communication in Node.js environments should upgrade to the latest version to maintain service availability.
Severity
Score: 7.5 (HIGH)
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: NONE
A: HIGH
Weakness type (CWE):
CWE-674
EPSS
Exploitation probability (next 30 days): 0.0023 (0.2%)
Percentile: 45.4%
EPSS: 2026-05-06
Affects
apache:thrift
Technical description
Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Published: 28/4/2026, 10:16:03
Last modified: 28/4/2026, 18:38:39