NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-43870

Summary	Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Publication Date	May 5, 2026, 6:16 p.m.
Registration Date	May 6, 2026, 4:07 a.m.
Last Update	May 5, 2026, 7:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://lists.apache.org/thread/pgtfq44ltc9t63kxcbqmwqzt45pnhqdy	security@apache.org
2	http://www.openwall.com/lists/oss-security/2026/05/05/4	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html
2	CWE-113	HTTP レスポンスの分割	https://cwe.mitre.org/data/definitions/113.html
3	CWE-400	リソースの枯渇	https://cwe.mitre.org/data/definitions/400.html
4	CWE-346	同一生成元ポリシー違反	https://cwe.mitre.org/data/definitions/346.html