{"schema_version": "1.6.1", "id": "CVE-2026-24343", "summary": "Uncontrolled Resource Consumption via Crafted XPath Expressions", "details": "Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.\n\nThis issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.7.1"}, {"fixed": "1.8.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/b2k3jqwffrbo2sy6bl4n0f68kp8bfo1n"}]}