Vulnerability-Lookup

CVE-2026-41636 (GCVE-0-2026-41636)

Vulnerability from cvelistv5 – Published: 2026-04-28 09:22 – Updated: 2026-04-28 12:15

Title

Apache Thrift: Node.js skip() recursion

Summary

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

CWE

CWE-674 - Uncontrolled Recursion

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/lb4j0zyd5f3g36cos…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Thrift	Affected: 0 , < 0.23.0 (semver)

Credits

박시온 (L3G4CY Security Research)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-28T09:52:15.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T12:15:08.418018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T12:15:44.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Thrift",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "0.23.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\ubc15\uc2dc\uc628 (L3G4CY Security Research)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\u003c/p\u003e\u003cp\u003eThis issue affects Apache Thrift: before 0.23.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 0.23.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T09:22:14.639Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Thrift: Node.js skip() recursion",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-41636",
    "datePublished": "2026-04-28T09:22:14.639Z",
    "dateReserved": "2026-04-21T22:23:34.001Z",
    "dateUpdated": "2026-04-28T12:15:44.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-41636",
      "date": "2026-05-28",
      "epss": "0.00228",
      "percentile": "0.45584"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-41636\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-04-28T10:16:03.687\",\"lastModified\":\"2026-04-28T18:38:39.447\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\\n\\nThis issue affects Apache Thrift: before 0.23.0.\\n\\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:thrift:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"0.23.0\",\"matchCriteriaId\":\"B6D5A1D2-DE9F-4EBC-97FB-90B477C6CD00\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Release Notes\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/04/28/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/04/28/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-04-28T09:52:15.152Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41636\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-28T12:15:08.418018Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-28T12:15:29.325Z\"}}], \"cna\": {\"title\": \"Apache Thrift: Node.js skip() recursion\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"\\ubc15\\uc2dc\\uc628 (L3G4CY Security Research)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Thrift\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.23.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\\n\\nThis issue affects Apache Thrift: before 0.23.0.\\n\\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\u003c/p\u003e\u003cp\u003eThis issue affects Apache Thrift: before 0.23.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 0.23.0, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674 Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-04-28T09:22:14.639Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-41636\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-28T12:15:44.118Z\", \"dateReserved\": \"2026-04-21T22:23:34.001Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-04-28T09:22:14.639Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

bit-thrift-2026-41636

Vulnerability from bitnami_vulndb

Published

2026-04-29 08:50

Modified

2026-04-29 09:10

Summary

Apache Thrift: Node.js skip() recursion

Details

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "thrift",
        "purl": "pkg:bitnami/thrift"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.23.0"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "type": "CVSS_V4"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41636"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:thrift:*:*:*:*:*:node.js:*:*"
    ],
    "severity": "High"
  },
  "details": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
  "id": "BIT-thrift-2026-41636",
  "modified": "2026-04-29T09:10:02.628Z",
  "published": "2026-04-29T08:50:27.836Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Apache Thrift: Node.js skip() recursion"
}

CERTFR-2026-AVI-0588

Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (GDR) versions antérieures à 14.0.2110.2
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) antérieures à 15.9.80
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5552.1002
Microsoft	N/A	Microsoft Dynamics 365 Business Central Release Wave 2 2025 versions antérieures à 27.6
Microsoft	N/A	Microsoft Dynamics 365 Business Central Release Wave 1 2025 versions antérieures à 26.12
Microsoft	N/A	Microsoft JIRA SAML SSO plugin versions antérieures à 1.3.3
Microsoft	N/A	Microsoft Visual Studio 2026 version 18.5 antérieures à 18.5.3
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1180.1
Microsoft	N/A	Microsoft SharePoint Server 2019 versions antérieures à 16.0.10417.20128
Microsoft	N/A	M365 Copilot pour Desktop versions antérieures à 19.2604.43111.0
Microsoft	N/A	Microsoft SQL Server 2022 pour systèmes x64 (CU 24) versions antérieures à 16.0.4252.3
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (CU 32) versions antérieures à 15.0.4470.1
Microsoft	N/A	Microsoft Data Formulator versions antérieures à 0.7
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) versions antérieures à 13.0.6490.1
Microsoft	N/A	Microsoft Teams pour Android versions antérieures à 1.0.0.2026092103
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.19725.20280
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 9.1.44.15
Microsoft	N/A	Microsoft SQL Server 2025 pour systèmes x64 (CU4) versions antérieures à 17.0.4040.1
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) antérieures à 16.11.56
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.14 antérieures à 17.14.31
Microsoft	N/A	Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2170.1
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7085.1
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.20
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (CU 31) versions antérieures à 14.0.3530.2
Microsoft	N/A	Microsoft Confluence SAML SSO plugin versions antérieures à 7.4.0
Microsoft	N/A	Visual Studio Code - Live Preview extension versions antérieures à 0.4.19
Microsoft	N/A	Microsoft SQL Server 2025 pour systèmes x64 (GDR) versions antérieures à 17.0.1115.1
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2026 Release Wave 1 versions antérieures à 28.1
Microsoft	N/A	Visual Studio Code versions antérieures à 1.119.1
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2024 Release Wave 2 versions antérieures à 25.18
Microsoft	N/A	Power Automate pour Desktop versions antérieures à 2.67

References

Title

Publication Time

FKIE_CVE-2026-41636

Vulnerability from fkie_nvd - Published: 2026-04-28 10:16 - Updated: 2026-04-28 18:38

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

References

	URL	Tags
	security@apache.org	https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql	Mailing List, Patch, Release Notes
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2026/04/28/1	Mailing List

Impacted products

	Vendor	Product	Version
	apache	thrift	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:thrift:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "B6D5A1D2-DE9F-4EBC-97FB-90B477C6CD00",
              "versionEndExcluding": "0.23.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue."
    }
  ],
  "id": "CVE-2026-41636",
  "lastModified": "2026-04-28T18:38:39.447",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security@apache.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-28T10:16:03.687",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Release Notes"
      ],
      "url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ],
      "source": "security@apache.org",
      "type": "Primary"
    }
  ]
}

GHSA-R67J-R569-JRWP

Vulnerability from github – Published: 2026-04-28 12:31 – Updated: 2026-05-06 19:56

Summary

Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion

Details

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Severity

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "thrift"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.23.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41636"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T19:56:53Z",
    "nvd_published_at": "2026-04-28T10:16:03Z",
    "severity": "HIGH"
  },
  "details": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
  "id": "GHSA-r67j-r569-jrwp",
  "modified": "2026-05-06T19:56:53Z",
  "published": "2026-04-28T12:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41636"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/thrift"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/28/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion"
}

MSRC_CVE-2026-41636

Vulnerability from csaf_microsoft - Published: 2026-04-02 00:00 - Updated: 2026-05-13 01:40

Summary

Apache Thrift: Node.js skip() recursion

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-41636

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17626-17084		—

Known affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 17086-1		—	None Available
Unresolved product id: 17084-2		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-41636 Apache Thrift: Node.js skip() recursion - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-41636.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Apache Thrift: Node.js skip() recursion",
    "tracking": {
      "current_release_date": "2026-05-13T01:40:27.000Z",
      "generator": {
        "date": "2026-05-13T07:22:36.591Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-41636",
      "initial_release_date": "2026-04-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-04-30T01:11:57.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-05-01T01:04:09.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        },
        {
          "date": "2026-05-13T01:40:27.000Z",
          "legacy_version": "3",
          "number": "3",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 ceph 0:16.2.10-11.cbl2",
                "product": {
                  "name": "cbl2 ceph 0:16.2.10-11.cbl2",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "ceph"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 thrift 0:0.15.0-5.azl3",
                "product": {
                  "name": "\u003cazl3 thrift 0:0.15.0-5.azl3",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 thrift 0:0.15.0-5.azl3",
                "product": {
                  "name": "azl3 thrift 0:0.15.0-5.azl3",
                  "product_id": "17626"
                }
              }
            ],
            "category": "product_name",
            "name": "thrift"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 ceph 0:16.2.10-11.cbl2 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 thrift 0:0.15.0-5.azl3 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 thrift 0:0.15.0-5.azl3 as a component of Azure Linux 3.0",
          "product_id": "17626-17084"
        },
        "product_reference": "17626",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-41636",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "general",
          "text": "apache",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "17626-17084"
        ],
        "known_affected": [
          "17086-1",
          "17084-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-41636 Apache Thrift: Node.js skip() recursion - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-41636.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2026-04-30T01:11:57.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-1"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2026-04-30T01:11:57.000Z",
          "details": "0:0.15.0-6.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "Apache Thrift: Node.js skip() recursion"
    }
  ]
}

OPENSUSE-SU-2026:10685-1

Vulnerability from csaf_opensuse - Published: 2026-05-04 00:00 - Updated: 2026-05-04 00:00

Summary

libthrift-0_23_0-0.23.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: libthrift-0_23_0-0.23.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the libthrift-0_23_0-0.23.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10685

CVE-2026-41602

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 40 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-41604

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Affected products

Recommended 40 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-41605

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 40 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-41606

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 40 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2026-41607

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 40 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2026-41636

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 40 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

20 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2026-41602/	self
https://www.suse.com/security/cve/CVE-2026-41604/	self
https://www.suse.com/security/cve/CVE-2026-41605/	self
https://www.suse.com/security/cve/CVE-2026-41606/	self
https://www.suse.com/security/cve/CVE-2026-41607/	self
https://www.suse.com/security/cve/CVE-2026-41636/	self
https://www.suse.com/security/cve/CVE-2026-41602	external
https://bugzilla.suse.com/1263496	external
https://www.suse.com/security/cve/CVE-2026-41604	external
https://bugzilla.suse.com/1263444	external
https://www.suse.com/security/cve/CVE-2026-41605	external
https://bugzilla.suse.com/1263368	external
https://www.suse.com/security/cve/CVE-2026-41606	external
https://bugzilla.suse.com/1263323	external
https://www.suse.com/security/cve/CVE-2026-41607	external
https://bugzilla.suse.com/1263256	external
https://www.suse.com/security/cve/CVE-2026-41636	external
https://bugzilla.suse.com/1263185	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libthrift-0_23_0-0.23.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libthrift-0_23_0-0.23.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10685",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10685-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-41602 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-41602/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-41604 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-41604/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-41605 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-41605/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-41606 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-41606/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-41607 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-41607/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-41636 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-41636/"
      }
    ],
    "title": "libthrift-0_23_0-0.23.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-05-04T00:00:00Z",
      "generator": {
        "date": "2026-05-04T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10685-1",
      "initial_release_date": "2026-05-04T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-05-04T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libthrift-0_23_0-0.23.0-1.1.aarch64",
                "product": {
                  "name": "libthrift-0_23_0-0.23.0-1.1.aarch64",
                  "product_id": "libthrift-0_23_0-0.23.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libthrift-devel-0.23.0-1.1.aarch64",
                "product": {
                  "name": "libthrift-devel-0.23.0-1.1.aarch64",
                  "product_id": "libthrift-devel-0.23.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libthrift_c_glib0-0.23.0-1.1.aarch64",
                "product": {
                  "name": "libthrift_c_glib0-0.23.0-1.1.aarch64",
                  "product_id": "libthrift_c_glib0-0.23.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libthriftnb-0_23_0-0.23.0-1.1.aarch64",
                "product": {
                  "name": "libthriftnb-0_23_0-0.23.0-1.1.aarch64",
                  "product_id": "libthriftnb-0_23_0-0.23.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libthriftz-0_23_0-0.23.0-1.1.aarch64",
                "product": {
                  "name": "libthriftz-0_23_0-0.23.0-1.1.aarch64",
                  "product_id": "libthriftz-0_23_0-0.23.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-thrift-0.23.0-1.1.aarch64",
                "product": {
                  "name": "perl-thrift-0.23.0-1.1.aarch64",
                  "product_id": "perl-thrift-0.23.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-thrift-0.23.0-1.1.aarch64",
                "product": {
                  "name": "python311-thrift-0.23.0-1.1.aarch64",
                  "product_id": "python311-thrift-0.23.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-thrift-0.23.0-1.1.aarch64",
                "product": {
                  "name": "python313-thrift-0.23.0-1.1.aarch64",
                  "product_id": "python313-thrift-0.23.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python314-thrift-0.23.0-1.1.aarch64",
                "product": {
                  "name": "python314-thrift-0.23.0-1.1.aarch64",
                  "product_id": "python314-thrift-0.23.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "thrift-0.23.0-1.1.aarch64",
                "product": {
                  "name": "thrift-0.23.0-1.1.aarch64",
                  "product_id": "thrift-0.23.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libthrift-0_23_0-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "libthrift-0_23_0-0.23.0-1.1.ppc64le",
                  "product_id": "libthrift-0_23_0-0.23.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libthrift-devel-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "libthrift-devel-0.23.0-1.1.ppc64le",
                  "product_id": "libthrift-devel-0.23.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libthrift_c_glib0-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "libthrift_c_glib0-0.23.0-1.1.ppc64le",
                  "product_id": "libthrift_c_glib0-0.23.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
                  "product_id": "libthriftnb-0_23_0-0.23.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libthriftz-0_23_0-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "libthriftz-0_23_0-0.23.0-1.1.ppc64le",
                  "product_id": "libthriftz-0_23_0-0.23.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "perl-thrift-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "perl-thrift-0.23.0-1.1.ppc64le",
                  "product_id": "perl-thrift-0.23.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python311-thrift-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "python311-thrift-0.23.0-1.1.ppc64le",
                  "product_id": "python311-thrift-0.23.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-thrift-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "python313-thrift-0.23.0-1.1.ppc64le",
                  "product_id": "python313-thrift-0.23.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python314-thrift-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "python314-thrift-0.23.0-1.1.ppc64le",
                  "product_id": "python314-thrift-0.23.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "thrift-0.23.0-1.1.ppc64le",
                "product": {
                  "name": "thrift-0.23.0-1.1.ppc64le",
                  "product_id": "thrift-0.23.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libthrift-0_23_0-0.23.0-1.1.s390x",
                "product": {
                  "name": "libthrift-0_23_0-0.23.0-1.1.s390x",
                  "product_id": "libthrift-0_23_0-0.23.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libthrift-devel-0.23.0-1.1.s390x",
                "product": {
                  "name": "libthrift-devel-0.23.0-1.1.s390x",
                  "product_id": "libthrift-devel-0.23.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libthrift_c_glib0-0.23.0-1.1.s390x",
                "product": {
                  "name": "libthrift_c_glib0-0.23.0-1.1.s390x",
                  "product_id": "libthrift_c_glib0-0.23.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libthriftnb-0_23_0-0.23.0-1.1.s390x",
                "product": {
                  "name": "libthriftnb-0_23_0-0.23.0-1.1.s390x",
                  "product_id": "libthriftnb-0_23_0-0.23.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libthriftz-0_23_0-0.23.0-1.1.s390x",
                "product": {
                  "name": "libthriftz-0_23_0-0.23.0-1.1.s390x",
                  "product_id": "libthriftz-0_23_0-0.23.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "perl-thrift-0.23.0-1.1.s390x",
                "product": {
                  "name": "perl-thrift-0.23.0-1.1.s390x",
                  "product_id": "perl-thrift-0.23.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python311-thrift-0.23.0-1.1.s390x",
                "product": {
                  "name": "python311-thrift-0.23.0-1.1.s390x",
                  "product_id": "python311-thrift-0.23.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-thrift-0.23.0-1.1.s390x",
                "product": {
                  "name": "python313-thrift-0.23.0-1.1.s390x",
                  "product_id": "python313-thrift-0.23.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python314-thrift-0.23.0-1.1.s390x",
                "product": {
                  "name": "python314-thrift-0.23.0-1.1.s390x",
                  "product_id": "python314-thrift-0.23.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "thrift-0.23.0-1.1.s390x",
                "product": {
                  "name": "thrift-0.23.0-1.1.s390x",
                  "product_id": "thrift-0.23.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libthrift-0_23_0-0.23.0-1.1.x86_64",
                "product": {
                  "name": "libthrift-0_23_0-0.23.0-1.1.x86_64",
                  "product_id": "libthrift-0_23_0-0.23.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libthrift-devel-0.23.0-1.1.x86_64",
                "product": {
                  "name": "libthrift-devel-0.23.0-1.1.x86_64",
                  "product_id": "libthrift-devel-0.23.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libthrift_c_glib0-0.23.0-1.1.x86_64",
                "product": {
                  "name": "libthrift_c_glib0-0.23.0-1.1.x86_64",
                  "product_id": "libthrift_c_glib0-0.23.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libthriftnb-0_23_0-0.23.0-1.1.x86_64",
                "product": {
                  "name": "libthriftnb-0_23_0-0.23.0-1.1.x86_64",
                  "product_id": "libthriftnb-0_23_0-0.23.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libthriftz-0_23_0-0.23.0-1.1.x86_64",
                "product": {
                  "name": "libthriftz-0_23_0-0.23.0-1.1.x86_64",
                  "product_id": "libthriftz-0_23_0-0.23.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-thrift-0.23.0-1.1.x86_64",
                "product": {
                  "name": "perl-thrift-0.23.0-1.1.x86_64",
                  "product_id": "perl-thrift-0.23.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-thrift-0.23.0-1.1.x86_64",
                "product": {
                  "name": "python311-thrift-0.23.0-1.1.x86_64",
                  "product_id": "python311-thrift-0.23.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-thrift-0.23.0-1.1.x86_64",
                "product": {
                  "name": "python313-thrift-0.23.0-1.1.x86_64",
                  "product_id": "python313-thrift-0.23.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python314-thrift-0.23.0-1.1.x86_64",
                "product": {
                  "name": "python314-thrift-0.23.0-1.1.x86_64",
                  "product_id": "python314-thrift-0.23.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "thrift-0.23.0-1.1.x86_64",
                "product": {
                  "name": "thrift-0.23.0-1.1.x86_64",
                  "product_id": "thrift-0.23.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift-0_23_0-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64"
        },
        "product_reference": "libthrift-0_23_0-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift-0_23_0-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le"
        },
        "product_reference": "libthrift-0_23_0-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift-0_23_0-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x"
        },
        "product_reference": "libthrift-0_23_0-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift-0_23_0-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64"
        },
        "product_reference": "libthrift-0_23_0-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift-devel-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64"
        },
        "product_reference": "libthrift-devel-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift-devel-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le"
        },
        "product_reference": "libthrift-devel-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift-devel-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x"
        },
        "product_reference": "libthrift-devel-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift-devel-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64"
        },
        "product_reference": "libthrift-devel-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift_c_glib0-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64"
        },
        "product_reference": "libthrift_c_glib0-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift_c_glib0-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le"
        },
        "product_reference": "libthrift_c_glib0-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift_c_glib0-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x"
        },
        "product_reference": "libthrift_c_glib0-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthrift_c_glib0-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64"
        },
        "product_reference": "libthrift_c_glib0-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthriftnb-0_23_0-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64"
        },
        "product_reference": "libthriftnb-0_23_0-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthriftnb-0_23_0-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le"
        },
        "product_reference": "libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthriftnb-0_23_0-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x"
        },
        "product_reference": "libthriftnb-0_23_0-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthriftnb-0_23_0-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64"
        },
        "product_reference": "libthriftnb-0_23_0-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthriftz-0_23_0-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64"
        },
        "product_reference": "libthriftz-0_23_0-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthriftz-0_23_0-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le"
        },
        "product_reference": "libthriftz-0_23_0-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthriftz-0_23_0-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x"
        },
        "product_reference": "libthriftz-0_23_0-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libthriftz-0_23_0-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64"
        },
        "product_reference": "libthriftz-0_23_0-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-thrift-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64"
        },
        "product_reference": "perl-thrift-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-thrift-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le"
        },
        "product_reference": "perl-thrift-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-thrift-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x"
        },
        "product_reference": "perl-thrift-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-thrift-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64"
        },
        "product_reference": "perl-thrift-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-thrift-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64"
        },
        "product_reference": "python311-thrift-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-thrift-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le"
        },
        "product_reference": "python311-thrift-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-thrift-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x"
        },
        "product_reference": "python311-thrift-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-thrift-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64"
        },
        "product_reference": "python311-thrift-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-thrift-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64"
        },
        "product_reference": "python313-thrift-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-thrift-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le"
        },
        "product_reference": "python313-thrift-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-thrift-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x"
        },
        "product_reference": "python313-thrift-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-thrift-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64"
        },
        "product_reference": "python313-thrift-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-thrift-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64"
        },
        "product_reference": "python314-thrift-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-thrift-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le"
        },
        "product_reference": "python314-thrift-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-thrift-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x"
        },
        "product_reference": "python314-thrift-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-thrift-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64"
        },
        "product_reference": "python314-thrift-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thrift-0.23.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64"
        },
        "product_reference": "thrift-0.23.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thrift-0.23.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le"
        },
        "product_reference": "thrift-0.23.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thrift-0.23.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x"
        },
        "product_reference": "thrift-0.23.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "thrift-0.23.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
        },
        "product_reference": "thrift-0.23.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-41602",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-41602"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-41602",
          "url": "https://www.suse.com/security/cve/CVE-2026-41602"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1263496 for CVE-2026-41602",
          "url": "https://bugzilla.suse.com/1263496"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-41602"
    },
    {
      "cve": "CVE-2026-41604",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-41604"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Read vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-41604",
          "url": "https://www.suse.com/security/cve/CVE-2026-41604"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1263444 for CVE-2026-41604",
          "url": "https://bugzilla.suse.com/1263444"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-41604"
    },
    {
      "cve": "CVE-2026-41605",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-41605"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer Overflow or Wraparound vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-41605",
          "url": "https://www.suse.com/security/cve/CVE-2026-41605"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1263368 for CVE-2026-41605",
          "url": "https://bugzilla.suse.com/1263368"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-41605"
    },
    {
      "cve": "CVE-2026-41606",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-41606"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled Recursion vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-41606",
          "url": "https://www.suse.com/security/cve/CVE-2026-41606"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1263323 for CVE-2026-41606",
          "url": "https://bugzilla.suse.com/1263323"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-04T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-41606"
    },
    {
      "cve": "CVE-2026-41607",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-41607"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Read vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-41607",
          "url": "https://www.suse.com/security/cve/CVE-2026-41607"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1263256 for CVE-2026-41607",
          "url": "https://bugzilla.suse.com/1263256"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-04T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-41607"
    },
    {
      "cve": "CVE-2026-41636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-41636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
          "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-41636",
          "url": "https://www.suse.com/security/cve/CVE-2026-41636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1263185 for CVE-2026-41636",
          "url": "https://bugzilla.suse.com/1263185"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift-devel-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthrift_c_glib0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftnb-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:libthriftz-0_23_0-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:perl-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python311-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python313-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:python314-thrift-0.23.0-1.1.x86_64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.aarch64",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.ppc64le",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.s390x",
            "openSUSE Tumbleweed:thrift-0.23.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-04T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-41636"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-41636 (GCVE-0-2026-41636)

bit-thrift-2026-41636

Vulnerability from bitnami_vulndb

CERTFR-2026-AVI-0588

Solutions

FKIE_CVE-2026-41636

GHSA-R67J-R569-JRWP

MSRC_CVE-2026-41636

OPENSUSE-SU-2026:10685-1

Tags

Sightings

Nomenclature