7.5

CVE-2026-32287

Exploit

Infinite loop in github.com/antchfx/xpath

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AntchfxXpath SwPlatformgo Version < 1.3.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.398
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494
Patch
https://github.com/antchfx/xpath/issues/121
Third Party Advisory
Issue Tracking
https://github.com/golang/vulndb/issues/4526
Third Party Advisory
Issue Tracking
https://pkg.go.dev/vuln/GO-2026-4526
Third Party Advisory
https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select
Third Party Advisory
Exploit