CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system.
Analysis
The antchfx/xpath component in Debian is vulnerable to denial of service when processing specially crafted Boolean XPath expressions, which trigger an infinite loop in the logicalQuery.Select function consuming 100% CPU resources. Unauthenticated remote attackers can exploit this over the network without user interaction to disable affected systems. …
Remediation
Within 24 hours: Inventory all systems running affected Red Hat products (Compliance Operator, File Integrity Operator, Migration Toolkit for Applications 8, OpenShift Container Platform 4, Advanced Cluster Management for Kubernetes 2) and assess exposure. Within 7 days: Apply vendor patches when released by Red Hat; implement network access controls to restrict XPath input sources if patches are unavailable. …
Vendor Status
Debian
| Release | Status | Package Version | Urgency |
|---|---|---|---|
| bookworm, bullseye | vulnerable | 1.1.2-2 | - |
| trixie | vulnerable | 1.3.3-1 | - |
| forky, sid | fixed | 1.3.6-1 | - |
| (unstable) | fixed | 1.3.6-1 | - |
External POC / Exploit Code
EUVD-2026-14434
GHSA-x7cq-7pqm-2pgr