CVE-2026-43869

Daily digests

Apache Thrift's TSSLTransportFactory in Java doesn't properly verify hostnames during TLS connections. An attacker in a network position to intercept traffic (think man-in-the-middle) could impersonate a Thrift service endpoint without triggering a certificate error. This only matters if your Java services use Thrift's built-in TLS transport.

• Daily Digest · May 8, 2026

  Linux ksmbd RCE (9.8) + Azure Cloud Shell injection