CVE-2026-4645

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-4645
Rejected reason: Duplicate of CVE-2026-32287
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

30 Mar 2026, 08:16

Type Values Removed Values Added
Summary (en) A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system. (en) Rejected reason: Duplicate of CVE-2026-32287
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : unknown
CWE CWE-835
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2026-4645', 'source': 'secalert@redhat.com'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=2450214', 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494', 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/antchfx/xpath/issues/121', 'source': 'secalert@redhat.com'}
  • {'url': 'https://github.com/golang/vulndb/issues/4526', 'source': 'secalert@redhat.com'}

23 Mar 2026, 14:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-23 14:16

Updated : 2026-03-30 08:16

NVD link : CVE-2026-4645

Mitre link : CVE-2026-4645

CVE.ORG link : CVE-2026-4645

JSON object : View

Products Affected

No product.

CWE

No CWE.