Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 10, 2026
Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions
CVE-2026-24343
Description
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Affected products
2- Apache Software Foundation/Apache HertzBeatv5Range: 1.7.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- lists.apache.org/thread/b2k3jqwffrbo2sy6bl4n0f68kp8bfo1nmitrevendor-advisory
News mentions
0No linked articles in our index yet.