What is the CVSS score of CVE-2026-4645?

CVE-2026-4645 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Debian are affected by CVE-2026-4645?

A denial-of-service vulnerability in the XPath processing library affects multiple Red Hat products including OpenShift and Kubernetes environments.. A patch is available.

Debian CVE-2026-4645

EUVD-2026-14434 HIGH

Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)

2026-03-23 redhat

GHSA-x7cq-7pqm-2pgr

Denial Of Service Debian Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 23, 2026 - 14:00 euvd

EUVD-2026-14434

Analysis Generated

Mar 23, 2026 - 14:00 vuln.today

CVE Published

Mar 23, 2026 - 13:35 nvd

HIGH 7.5

DescriptionNVD

A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system.

AnalysisAI

The antchfx/xpath component in Debian is vulnerable to denial of service when processing specially crafted Boolean XPath expressions, which trigger an infinite loop in the logicalQuery.Select function consuming 100% CPU resources. Unauthenticated remote attackers can exploit this over the network without user interaction to disable affected systems. …

RemediationAI

Within 24 hours: Inventory all systems running affected Red Hat products (Compliance Operator, File Integrity Operator, Migration Toolkit for Applications 8, OpenShift Container Platform 4, Advanced Cluster Management for Kubernetes 2) and assess exposure. Within 7 days: Apply vendor patches when released by Red Hat; implement network access controls to restrict XPath input sources if patches are unavailable. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-47271 MEDIUM This Month

5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str

CVE-2026-45898 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin

CVE-2026-45924 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbd_vfs_kern_path_end_removing() on s

Vendor StatusVendor

Debian

golang-github-antchfx-xpath

Release	Status	Fixed Version	Urgency
bookworm, bullseye	vulnerable	1.1.2-2	-
trixie	vulnerable	1.3.3-1	-
forky, sid	fixed	1.3.6-1	-
(unstable)	fixed	1.3.6-1	-

CVE-2026-4645 vulnerability details – vuln.today

Back

Debian CVE-2026-4645

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Debian

Share

External POC / Exploit Code