CVE-2026-24343

High

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache…

apache·CWE-643·Published 2026-02-10

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

249 chars

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

NVDen

249 chars

NVDes

276 chars

Neutralización Incorrecta de Datos dentro de Expresiones XPath ('Inyección XPath') vulnerabilidad en Apache HertzBeat. Este problema afecta a Apache HertzBeat: desde 1.7.1 anterior a 1.8.0. Se recomienda a los usuarios actualizar a la versión 1.8.0, que corrige el problema.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H