CVE-2026-32287

Published March 26th, 2026

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECTS

Description

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".

golang/vulndb

[mirror] The Go Vulnerability Database

GitHub

601

antchfx/xpath

XPath package for golang, supports HTML, XML, JSON document query and more

GitHub

740