Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-04-28T09:20:13 Apache Thrift: apache.com/apache/thrift: Apache Thrift: Out-of-bounds Read vulnerability 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CWE-125

A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition.

Red Hat OpenShift distributed tracing 3.9.3 2026-05-07T00:00:00Z RHSA-2026:14885 rhosdt/tempo-jaeger-query-rhel9:1778158391 Red Hat OpenShift distributed tracing 3.9.3 2026-05-07T00:00:00Z RHSA-2026:14885 rhosdt/tempo-query-rhel9:1778158343 Red Hat OpenShift distributed tracing 3.9.3 2026-05-07T00:00:00Z RHSA-2026:14885 rhosdt/tempo-rhel9:1778158374 Multicluster Global Hub Affected multicluster-globalhub/multicluster-globalhub-grafana-rhel9 OpenShift Service Mesh 2 Not affected openshift-service-mesh/istio-rhel8-operator Red Hat Advanced Cluster Management for Kubernetes 2 Affected rhacm2/acm-grafana-rhel9 Red Hat AI Inference Server Affected rhaiis/vllm-cpu-rhel9 Red Hat AI Inference Server Affected rhaiis/vllm-cuda-rhel9 Red Hat AI Inference Server Affected rhaiis/vllm-rocm-rhel9 Red Hat AI Inference Server Affected rhaiis/vllm-tpu-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-aws-cuda-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-azure-cuda-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-azure-rocm-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-cuda-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-gcp-cuda-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Affected rhelai3/bootc-rocm-rhel9 Red Hat OpenShift AI (RHOAI) Not affected rhoai/odh-kf-notebook-controller-rhel8 Red Hat OpenShift AI (RHOAI) Not affected rhoai/odh-model-registry-rhel9 Red Hat OpenShift AI (RHOAI) Not affected rhoai/odh-notebook-controller-rhel8 Red Hat OpenShift Container Platform 4 Affected openshift4/oc-mirror-plugin-rhel9 Red Hat OpenShift Container Platform 4 Affected openshift4/ztp-site-generate-rhel8 Red Hat OpenShift distributed tracing 3 Not affected rhosdt/opentelemetry-collector-rhel9 Red Hat OpenShift GitOps Will not fix openshift-gitops-1/argocd-rhel8 Red Hat OpenShift GitOps Will not fix openshift-gitops-1/argocd-rhel9 https://www.cve.org/CVERecord?id=CVE-2026-41604 https://nvd.nist.gov/vuln/detail/CVE-2026-41604 http://www.openwall.com/lists/oss-security/2026/04/28/5 https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql