You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
antchfx xpath
About this tag
The antchfx xpath tag on WindowsForum.com covers discussions about the Go XPath library github.com/antchfx/xpath, focusing on security vulnerabilities and denial-of-service risks. Recent threads highlight CVE-2026-32287, an infinite loop flaw that can cause enterprise DoS, and CVE-2026-4645, where crafted boolean XPath expressions lead to total availability loss. These bugs affect tools that query XML, HTML, or JSON content, and their impact can spread across automation and document-processing workflows. The tag is relevant for IT professionals and developers monitoring parser-level security issues in Go ecosystems.
Microsoft’s Security Update Guide has published CVE-2026-32287 for an infinite loop condition in github.com/antchfx/xpath, the Go XPath package used by a long tail of tools that query XML, HTML, and JSON content. That combination matters because parser bugs rarely stay confined to one app: once...
A newly assigned CVE-2026-4645 affects the Go XPath library github.com/antchfx/xpath, and the issue is serious enough to be framed as a denial-of-service risk: specially crafted boolean XPath expressions can drive the component into total loss of availability. The vulnerability description...