CVE-2026-4645: Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Status

Not Exploited

Patch Tuesday

2026-Mar

Released

2026-03-27

Last Updated

2026-04-08

Affected Products (4)

Other

• 20951-17086
• 21080-17086
• 20969-17084
• 21127-17084

Revision History

• 2026-03-27: Information published.
• 2026-03-28: Information published.
• 2026-03-28: Information published.
• 2026-03-31: Information published.
• 2026-04-01: Information published.
• 2026-04-08: Information published.