HIGH🇬🇧 English

CVE-2026-24343

CVSS 8.8v3.1pub. 2026-02-10upd. 2026-02-11

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Apache Hertzbeat

    APP
    Apache
    1.7.1 – 1.8.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-51653CRITICAL9.8PL ✓ten sam produkt

Apache Hertzbeat — JNDI injection RCE przez endpoint JMX

CVE-2023-51388CRITICAL9.8PL ✓ten sam produkt

Apache Hertzbeat — script injection via AviatorEvaluator (RCE)

CVE-2023-51389CRITICAL9.8PL ✓ten sam produkt

Apache Hertzbeat — YAML deserialization w endpoincie /define/yml

CVE-2025-24404HIGH8.8ten sam produkt

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attack...

CVE-2025-48208HIGH8.8ten sam produkt

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache H...

CVE-2026-24343 — HIGH 8.8 | CVEbaza.pl