
Threats Tagged 'cve-2026-41607'

View all threats tagged with 'cve-2026-41607'. Filter and sort to focus on specific types of threats.


Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.16.2 security update (CVE-2025-48431)

Red Hat Advanced Cluster Management for Kubernetes 2.16 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which add new features and enhancements, bug fixes, and updated container images. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html-single/release_notes/index#acm-release-notes

Red Hat Security Advisory: Multicluster Global Hub 1.3.4 security update (CVE-2026-21728)

Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.

Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.9.3 release (CVE-2026-41602)

This release of the Red Hat OpenShift distributed tracing platform (Tempo) provides security improvements and bug fixes.

Breaking changes:
* None.

Deprecations:
* None.

Technology Preview features:
* None.

Enhancements:
* None.

Bug fixes:
* Apache Thrift TFramedTransport integer overflow vulnerability is fixed: Previously, the Apache Thrift TFramedTransport Go language implementation contained an integer overflow vulnerability. An attacker could exploit this wraparound flaw to cause unexpected behavior or resource exhaustion, leading to a denial of service. With this update, the integer overflow vulnerability is fixed. For more information, see https://access.redhat.com/security/cve/cve-2026-41602.
* Apache Thrift server certificate validation vulnerability is fixed: Previously, Apache Thrift did not properly validate server certificates. Apache Thrift accepted certificates even when the hostname did not match the expected hostname. A remote attacker could exploit this flaw to impersonate a legitimate server, intercept or alter sensitive communications, and gain unauthorized access or disclose information. With this update, Apache Thrift properly validates server certificate hostnames. For more information, see https://access.redhat.com/security/cve/cve-2026-41603.
* Apache Thrift out-of-bounds read vulnerability is fixed: Previously, Apache Thrift contained an out-of-bounds read vulnerability. An attacker could exploit this flaw to access memory outside of allocated bounds, resulting in information disclosure or a denial-of-service (DoS) condition. With this update, Apache Thrift correctly validates memory access boundaries. For more information, see https://access.redhat.com/security/cve/cve-2026-41604 and https://access.redhat.com/security/cve/cve-2026-41607.
* Apache Thrift integer overflow vulnerability is fixed: Previously, Apache Thrift contained an integer overflow vulnerability. An attacker could exploit this wraparound flaw to cause unexpected behavior or resource exhaustion, impacting system availability or integrity. With this update, Apache Thrift correctly handles integer operations to prevent overflow conditions. For more information, see https://access.redhat.com/security/cve/cve-2026-41605.
* Apache Thrift uncontrolled recursion vulnerability is fixed: Previously, Apache Thrift contained an uncontrolled recursion vulnerability. When Apache Thrift processed specially crafted input, a remote attacker could trigger a denial-of-service (DoS) condition, causing excessive resource consumption and system unavailability. With this update, the recursion vulnerability is fixed, and remote attackers can no longer exploit this flaw. For more information, see https://access.redhat.com/security/cve/cve-2026-41606.

Known issues:
* None.

Red Hat Security Advisory: Red Hat Quay 3.10.21 (CVE-2026-4427)

Quay 3.10.21

Red Hat Security Advisory: Red Hat Quay 3.12.17 (CVE-2026-4427)

Quay 3.12.17

CVE-2026-41607: CWE-125 Out-of-bounds Read in Apache Software Foundation Apache Thrift

CVE-2026-41607 is an out-of-bounds read vulnerability in Apache Thrift versions before 0.23.0. This flaw allows an attacker to read memory outside the intended bounds, potentially leading to information disclosure and partial denial of service. The issue is fixed in Apache Thrift version 0.23.0. The vulnerability has a CVSS score of 6.5, indicating a medium severity level. No known exploits are reported in the wild.


Showing 1 to 6 of 6 results
