Skip to main content

Github Com Antchfx Xpath

1 CVEs product

Monthly

CVE-2026-32287 Go HIGH PATCH GHSA This Week

The antchfx/xpath Go library prior to version 1.3.6 contains a denial-of-service vulnerability in the logicalQuery.Select function where Boolean XPath expressions that evaluate to true (such as '1=1' or 'true()') trigger an infinite loop, consuming 100% CPU resources. Remote attackers can exploit this via top-level XPath selectors without authentication, potentially disrupting any application that uses this library to process untrusted XPath queries. Upstream fix is available in commit afd4762cc342af56345a3fb4002a59281fcab494, with no public exploit code identified at time of analysis.

Denial Of Service Github Com Antchfx Xpath
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The antchfx/xpath Go library prior to version 1.3.6 contains a denial-of-service vulnerability in the logicalQuery.Select function where Boolean XPath expressions that evaluate to true (such as '1=1' or 'true()') trigger an infinite loop, consuming 100% CPU resources. Remote attackers can exploit this via top-level XPath selectors without authentication, potentially disrupting any application that uses this library to process untrusted XPath queries. Upstream fix is available in commit afd4762cc342af56345a3fb4002a59281fcab494, with no public exploit code identified at time of analysis.

Denial Of Service Github Com Antchfx Xpath
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy