CVE-2026-24343 PUBLISHED

Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions

Assigner: apache
Reserved: 22.01.2026 Published: 10.02.2026 Updated: 10.02.2026

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache HertzBeat
Versions Default: unaffected
  • affected from 1.7.1 to 1.8.0 (excl.)

References

Problem Types

  • CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection') CWE