Bug 2451856 (CVE-2026-32287)

Summary: CVE-2026-32287 github.com/antchfx/xpath: Denial of Service due to infinite loop via boolean XPath expressions
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: adudiak, akoudelk, alcohan, gparvin, jbalunas, kshier, lbragsta, mwringe, pahickey, rhaigner, rjohnson, rkeshri, stcannon, teagle, wenshen, xiyuan, yguenane
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version:
Doc Text:
A flaw was found in github.com/antchfx/xpath. An attacker could exploit this vulnerability by providing specially crafted boolean XPath expressions that evaluate to true. This can cause an infinite loop within the logicalQuery.Select function, leading to 100% CPU utilization. The consequence is a Denial of Service (DoS) condition, making the affected system unresponsive.
Bug Blocks: 2450214    

Description OSIDB Bzimport 2026-03-26 20:03:01 UTC
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".

Comment 1 Rohit Keshri 2026-03-30 06:51:40 UTC
*** Bug 2450297 has been marked as a duplicate of this bug. ***

Comment 2 Rohit Keshri 2026-03-30 06:52:20 UTC
*** Bug 2450301 has been marked as a duplicate of this bug. ***

Comment 3 Rohit Keshri 2026-03-30 06:52:24 UTC
*** Bug 2450299 has been marked as a duplicate of this bug. ***

Comment 4 Rohit Keshri 2026-03-30 06:54:32 UTC
*** Bug 2450291 has been marked as a duplicate of this bug. ***

Comment 5 Rohit Keshri 2026-03-30 06:55:07 UTC
*** Bug 2450300 has been marked as a duplicate of this bug. ***

Comment 6 Rohit Keshri 2026-03-30 06:55:37 UTC
*** Bug 2450293 has been marked as a duplicate of this bug. ***

Comment 7 Rohit Keshri 2026-03-30 06:56:10 UTC
*** Bug 2450294 has been marked as a duplicate of this bug. ***

Comment 8 Rohit Keshri 2026-03-30 06:56:40 UTC
*** Bug 2450295 has been marked as a duplicate of this bug. ***

Comment 9 Rohit Keshri 2026-03-30 06:57:11 UTC
*** Bug 2450296 has been marked as a duplicate of this bug. ***