HIGH🇵🇱 Wersja polska

CVE-2026-24343

CVSS 8.8v3.1pub. 2026-02-10upd. 2026-02-11

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Apache Hertzbeat

    APP
    Apache
    1.7.1 – 1.8.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-51653CRITICAL9.8PL ✓ten sam produkt

Apache Hertzbeat — JNDI injection RCE przez endpoint JMX

CVE-2023-51388CRITICAL9.8PL ✓ten sam produkt

Apache Hertzbeat — script injection via AviatorEvaluator (RCE)

CVE-2023-51389CRITICAL9.8PL ✓ten sam produkt

Apache Hertzbeat — YAML deserialization w endpoincie /define/yml

CVE-2025-24404HIGH8.8ten sam produkt

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attack...

CVE-2025-48208HIGH8.8ten sam produkt

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache H...