Vulnerability in Github.com/antchfx/xpath
CVE-2026-32287
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
EPSS: 0.000 (11.3th percentile) — read the EPSS interpretation.
Affected products
- Github.com/antchfx/xpath — versions 0