cve 2026 32287

CVE-2026-32287 is a published vulnerability affecting the Go XPath library github.com/antchfx/xpath, which is used in tools that parse XML, HTML, and JSON content. The flaw is an infinite loop condition that can lead to a denial-of-service (DoS) risk, particularly in enterprise environments where the library is embedded in automation, content extraction, or document-processing workflows. Because parser bugs in widely used libraries can propagate across multiple applications, this vulnerability has the potential to impact a broad range of systems. Microsoft's Security Update Guide lists the advisory, though details are currently limited due to JavaScript-rendered content. Users should monitor for patches or mitigations from the library maintainers.