CVE-2026-24343

CVE-2026-24343: Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions

Vendor Apache Software Foundation

Product Apache HertzBeat

Weakness CWE-643 · XPath injection

Published February 10, 2026

Last update February 10, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Key dates

Disclosure timeline

February 10, 2026 CVE published

February 10, 2026 Record updated