Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 10, 2026
Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions
CVE-2026-24343
Description
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Affected products
2Patches
Vulnerability mechanics
References
1- lists.apache.org/thread/b2k3jqwffrbo2sy6bl4n0f68kp8bfo1nmitrevendor-advisory
News mentions
0No linked articles in our index yet.