xpath denial of service
About this tag
The xpath denial of service tag covers vulnerabilities where specially crafted XPath expressions cause a denial-of-service condition. The primary example is CVE-2026-4645, a flaw in the Go XPath library github.com/antchfx/xpath. Specially crafted boolean XPath expressions can trigger total loss of availability, meaning an attacker can fully deny access to resources in the impacted component. The outage can last only while the expression is being processed, or it can leave the service persistently unavailable. Such bugs are characterized by small inputs causing disproportionate impact, as with other parser and query-language DoS issues. The tag is relevant for developers and security professionals working with XPath processing in Go or related environments.
A newly assigned CVE-2026-4645 affects the Go XPath library github.com/antchfx/xpath, and the issue is serious enough to be framed as a denial-of-service risk: specially crafted boolean XPath expressions can drive the component into total loss of availability. The vulnerability description...