CVE-2026-24343

Source
https://cve.org/CVERecord?id=CVE-2026-24343
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24343.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-24343
Published
2026-02-10T10:15:59.567Z
Modified
2026-03-13T04:10:06.680821Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.

This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Affected packages

Git / github.com/apache/hertzbeat

Affected ranges

Type
GIT
Repo
https://github.com/apache/hertzbeat
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.7.1"
        },
        {
            "fixed": "1.8.0"
        }
    ]
}

Database specific

vanir_signatures
[
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2026-24343-26c13c8b",
        "target": {
            "file": "hertzbeat-warehouse/src/test/java/org/apache/hertzbeat/warehouse/store/TdEngineDataStorageTest.java"
        },
        "digest": {
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/hertzbeat/commit/1b51c19c972cdccd2970b71e72ed73dad8ff92a9"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2026-24343-4fcf5bac",
        "target": {
            "file": "hertzbeat-warehouse/src/main/java/org/apache/hertzbeat/warehouse/store/history/tsdb/tdengine/TdEngineDataStorage.java"
        },
        "digest": {
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/hertzbeat/commit/1b51c19c972cdccd2970b71e72ed73dad8ff92a9"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2026-24343-6f1de650",
        "target": {
            "file": "hertzbeat-common/src/main/java/org/apache/hertzbeat/common/util/StrBuffer.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "144633617260848927864810518686580684003",
                "58650337939443767453802022617309508970"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/hertzbeat/commit/1b51c19c972cdccd2970b71e72ed73dad8ff92a9"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2026-24343-9f42c42f",
        "target": {
            "file": "hertzbeat-warehouse/src/main/java/org/apache/hertzbeat/warehouse/store/history/tsdb/tdengine/TdEngineDataStorage.java",
            "function": "saveData"
        },
        "digest": {
            "length": 4033.0,
            "function_hash": "110003769105996664021943126932212910874"
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/hertzbeat/commit/1b51c19c972cdccd2970b71e72ed73dad8ff92a9"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24343.json"