VYPR
High severity7.5NVD Advisory· Published Mar 26, 2026· Updated Apr 21, 2026

CVE-2026-32287

CVE-2026-32287

Description

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/antchfx/xpathGo
< 1.3.61.3.6

Affected products

175

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.