Description

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".

INFO

Published Date :

2026-03-26T19:40:52.142Z

Last Modified :

2026-03-26T19:40:52.142Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32287 vulnerability.

Vendors Products
Antchfx
  • Xpath
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32287.

URL Resource
https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494 cve-icon cve-icon
https://github.com/antchfx/xpath/issues/121 cve-icon cve-icon
https://github.com/golang/vulndb/issues/4526 cve-icon cve-icon
https://pkg.go.dev/vuln/GO-2026-4526 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System