CVE

CVE-2026-43870

0field notes · 1digest CVSS 9.4

Daily digests

Apache Thrift's Node.js web_server.js has multiple vulnerabilities that let a remote, unauthenticated attacker compromise the service. With a CVSS of 9.4, this is near the top of the scale. If you expose Thrift's Node.js server component to the network, treat this as urgent.

Daily Digest · May 19, 2026
Apache Thrift 9.4 RCE + 4 Linux/Go/curl fixes

CVE-2026-43870

Apache Thrift 9.4 RCE + 4 Linux/Go/curl fixes