CVE-2026-41603 | Apache Thrift up to 0.22.0 Java TSSLTransportFactory certificate host validation

A vulnerability labeled as critical has been found in Apache Thrift up to 0.22.0. Affected is the function TSSLTransportFactory of the component Java. Executing a manipulation can lead to certificate with host mismatch.

This vulnerability appears as CVE-2026-41603. The attack may be performed from remote. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More