oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2026-24343: Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions

From: Qingran Zhao <zhaoqingran () apache org>
Date: Mon, 09 Feb 2026 14:21:32 +0000
Severity: Important 

Affected versions:

- Apache HertzBeat (org.apache.hertzbeat:hertzbeat-collector) 1.7.1 before 1.8.0

Description:

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References:

https://hertzbeat.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-24343
Previous By Date Next
Previous By Thread Next

Current thread: