CVE 8.8 HIGH

Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions_CVE-2026-24343

February 10, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

AI Analysis

XPath Injection vulnerability in Apache HertzBeat allowing uncontrolled resource consumption via crafted XPath expressions

Basic Information

ID CVE-2026-24343

Source apache

Published Feb 10, 2026 at 09:28

Modified Feb 10, 2026 at 15:37

Affected Product

Vendor Apache Software Foundation

Product Apache HertzBeat

Version 1.7.1

Affected Versions Apache Software Foundation Apache HertzBeat 1.7.1

CWE Classification

CWE-643

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Apache Software Foundation

Product Apache HertzBeat

Version 1.7.1

References

lists.apache.org /thread/b2k3jqwffrbo2sy6bl4n0f68kp8bfo1n

{
    "lastseen": "",
    "description": "Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.\n\nThis issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.",
    "published": "2026-02-10T09:28:52.465Z",
    "modified": "2026-02-10T15:37:07.090Z",
    "type": "cve",
    "title": "Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions",
    "source": "apache",
    "references": "https://lists.apache.org/thread/b2k3jqwffrbo2sy6bl4n0f68kp8bfo1n",
    "id": "CVE-2026-24343",
    "bulletinFamily": "",
    "cwe": [
        "CWE-643"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache HertzBeat 1.7.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache HertzBeat",
    "version": "1.7.1",
    "vendor": "Apache Software Foundation",
    "ai_description": "XPath Injection vulnerability in Apache HertzBeat allowing uncontrolled resource consumption via crafted XPath expressions",
    "ai_severity": "High",
    "ai_vendor": "Apache Software Foundation",
    "ai_product": "Apache HertzBeat",
    "ai_version": "1.7.1",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply