Vulnerabilities ›

CVE-2026-41636

High

CWE-674 — Weakness Type

                    Published: Apr 28, 2026                      ·  Modified: May 5, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

🤖 AI Executive Summary

Apache Thrift Node.js bindings contain an uncontrolled recursion vulnerability (CWE-674) affecting versions before 0.23.0 that could lead to denial of service. Organizations using vulnerable Thrift versions should upgrade immediately to version 0.23.0 or later.

📄 Description (Arabic)

تؤثر هذه الثغرة على ربط Apache Thrift Node.js في الإصدارات السابقة للإصدار 0.23.0 وتسمح بهجمات رفض الخدمة من خلال استغلال التكرار غير المنضبط. يمكن للمهاجمين إرسال طلبات خاصة تسبب استهلاكاً مفرطاً للموارد وتعطل التطبيق.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 3, 2026 10:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government telecom

🎯 MITRE ATT&CK Techniques

T1499.004

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Apache Thrift to version 0.23.0 or later. Review all Node.js applications using Thrift bindings and update dependencies immediately. Implement input validation and recursion depth limits as defense-in-depth measures.

🔧 خطوات المعالجة (العربية)

قم بترقية Apache Thrift إلى الإصدار 0.23.0 أو أحدث. راجع جميع تطبيقات Node.js التي تستخدم ربط Thrift وحدّث المكتبات فوراً. طبّق التحقق من صحة المدخلات وحدود عمق التكرار كتدابير إضافية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

AC-2 SI-2

🔵 SAMA CSF

CC-6.1 CC-6.2

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 2

🔗

https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql

security@apache.org

Mailing List Patch Release Notes

🔗

http://www.openwall.com/lists/oss-security/2026/04/28/1

af854a3a-2127-422b-91ae-364da2661108

Mailing List

📦 Affected Products / CPE 1 entries

apache:thrift

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-674

EPSS0.17%

Exploit No

Patch ✓ Yes

Published 2026-04-28

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-674

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-41636

💬 Comments

Introduce Yourself

Sign In Required