CVE-2026-24343 Apache — Exploit & Vulnerability Details HIGH

CVE-2026-24343

HIGH CVSS 3.1: 8.8 EPSS 0.03%

Parameter	Value
CVSS	8.8 (HIGH)
Affected Versions	before 1.8.0.
Fixed In	1.8.0
Type	CWE-643
Vendor	Apache
Public PoC	No

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-643

References 2

https://lists.apache.org/thread/b2k3jqwffrbo2sy6bl4n0f68kp8bfo1n

security@apache.org

http://www.openwall.com/lists/oss-security/2026/02/09/4

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-27811

Apache

8.8

CVE-2025-54920

Apache

8.8

CVE-2016-20026

Apache

9.3

CVE-2026-23941

Apache

7.0

CVE-2025-66249

Apache

6.3

Menu

CVE-2026-24343

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-27811

CVE-2025-54920

CVE-2016-20026

CVE-2026-23941

CVE-2025-66249

CVE Details

Editor's Choice

Menu

CVE-2026-24343

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-27811

CVE-2025-54920

CVE-2016-20026

CVE-2026-23941

CVE-2025-66249

CVE Details

Editor's Choice

Stay informed on cybersecurity