CVE-2025-27821

HDFS native client: Out of bounds write in URI parser of native HDFS client

CVSS 7.3 HIGHEPSS 0.9%CWE-787

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Apache Software Foundation · HDFS native client

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh http://www.openwall.com/lists/oss-security/2026/01/23/7