=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN138
_____________________________________________________________________

DATE                : 09/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache HertzBeat versions
                            prior to 1.8.0.

=====================================================================
https://lists.apache.org/thread/b2k3jqwffrbo2sy6bl4n0f68kp8bfo1n
_____________________________________________________________________

CVE-2026-24343: Apache HertzBeat: Uncontrolled Resource Consumption
via Crafted XPath Expressions

Severity: Important 

Affected versions:

- Apache HertzBeat (org.apache.hertzbeat:hertzbeat-collector) 1.7.1
before 1.8.0

Description:

Improper Neutralization of Data within XPath Expressions ('XPath
Injection') vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References:

https://hertzbeat.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-24343
 
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




