{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4645", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-03-23T12:21:39.096Z", "datePublished": "2026-03-23T13:35:22.985Z", "dateUpdated": "2026-03-24T17:08:38.672Z"}, "containers": {"cna": {"title": "Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system."}], "affected": [{"vendor": "Red Hat", "product": "Compliance Operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compliance/openshift-compliance-operator-bundle", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_compliance_operator:1"]}, {"vendor": "Red Hat", "product": "Compliance Operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compliance/openshift-compliance-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_compliance_operator:1"]}, {"vendor": "Red Hat", "product": "File Integrity Operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compliance/openshift-compliance-must-gather-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_file_integrity_operator:1"]}, {"vendor": "Red Hat", "product": "File Integrity Operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compliance/openshift-compliance-openscap-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_file_integrity_operator:1"]}, {"vendor": "Red Hat", "product": "File Integrity Operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compliance/openshift-compliance-operator-bundle", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_file_integrity_operator:1"]}, {"vendor": "Red Hat", "product": "File Integrity Operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compliance/openshift-compliance-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_file_integrity_operator:1"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mta/mta-cli-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mta/mta-dotnet-external-provider-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mta/mta-dotnet-external-provider-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mta/mta-generic-external-provider-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mta/mta-java-external-provider-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"]}, {"vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mta/mta-solution-server-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2/acm-grafana-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:acm:2"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "opentelemetry-collector", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "opentelemetry-collector", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compliance/openshift-compliance-must-gather-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compliance/openshift-compliance-openscap-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "compliance/openshift-compliance-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosdt/opentelemetry-collector-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosdt/tempo-jaeger-query-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosdt/tempo-query-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhosdt/tempo-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-4645", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450214", "name": "RHBZ#2450214", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494"}, {"url": "https://github.com/antchfx/xpath/issues/121"}, {"url": "https://github.com/golang/vulndb/issues/4526"}], "datePublic": "2026-03-17T20:58:59.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "workarounds": [{"lang": "en", "value": "To mitigate this issue, restrict the processing of untrusted or unvalidated XPath expressions by applications which utilize the `github.com/antchfx/xpath` component. Implement input validation and sanitization for all XPath expressions originating from external or untrusted sources. If possible, configure applications to only process XPath expressions from trusted sources or disable features that allow arbitrary XPath expression evaluation."}], "timeline": [{"lang": "en", "time": "2026-03-23T06:02:52.120Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-17T20:58:59.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-24T17:08:38.672Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:00:29.186034Z", "id": "CVE-2026-4645", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:00:36.532Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4645", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T15:00:29.186034Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:00:32.836Z"}}], "cna": {"title": "Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/a:redhat:openshift_compliance_operator:1"], "vendor": "Red Hat", "product": "Compliance Operator", "packageName": "compliance/openshift-compliance-operator-bundle", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_compliance_operator:1"], "vendor": "Red Hat", "product": "Compliance Operator", "packageName": "compliance/openshift-compliance-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_file_integrity_operator:1"], "vendor": "Red Hat", "product": "File Integrity Operator", "packageName": "compliance/openshift-compliance-must-gather-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_file_integrity_operator:1"], "vendor": "Red Hat", "product": "File Integrity Operator", "packageName": "compliance/openshift-compliance-openscap-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_file_integrity_operator:1"], "vendor": "Red Hat", "product": "File Integrity Operator", "packageName": "compliance/openshift-compliance-operator-bundle", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_file_integrity_operator:1"], "vendor": "Red Hat", "product": "File Integrity Operator", "packageName": "compliance/openshift-compliance-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "packageName": "mta/mta-cli-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "packageName": "mta/mta-dotnet-external-provider-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "packageName": "mta/mta-dotnet-external-provider-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "packageName": "mta/mta-generic-external-provider-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "packageName": "mta/mta-java-external-provider-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:migration_toolkit_applications:8"], "vendor": "Red Hat", "product": "Migration Toolkit for Applications 8", "packageName": "mta/mta-solution-server-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:acm:2"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "packageName": "rhacm2/acm-grafana-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "opentelemetry-collector", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "opentelemetry-collector", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "compliance/openshift-compliance-must-gather-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "compliance/openshift-compliance-openscap-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "compliance/openshift-compliance-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3", "packageName": "rhosdt/opentelemetry-collector-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3", "packageName": "rhosdt/tempo-jaeger-query-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3", "packageName": "rhosdt/tempo-query-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_distributed_tracing:3"], "vendor": "Red Hat", "product": "Red Hat OpenShift distributed tracing 3", "packageName": "rhosdt/tempo-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-03-23T06:02:52.120Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-03-17T20:58:59.000Z", "value": "Made public."}], "datePublic": "2026-03-17T20:58:59.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-4645", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450214", "name": "RHBZ#2450214", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494"}, {"url": "https://github.com/antchfx/xpath/issues/121"}, {"url": "https://github.com/golang/vulndb/issues/4526"}], "workarounds": [{"lang": "en", "value": "To mitigate this issue, restrict the processing of untrusted or unvalidated XPath expressions by applications which utilize the `github.com/antchfx/xpath` component. Implement input validation and sanitization for all XPath expressions originating from external or untrusted sources. If possible, configure applications to only process XPath expressions from trusted sources or disable features that allow arbitrary XPath expression evaluation."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-03-24T17:08:38.672Z"}, "x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}}, "cveMetadata": {"cveId": "CVE-2026-4645", "state": "PUBLISHED", "dateUpdated": "2026-03-24T17:08:38.672Z", "dateReserved": "2026-03-23T12:21:39.096Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-03-23T13:35:22.985Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system."}], "id": "CVE-2026-4645", "lastModified": "2026-03-23T14:31:37.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-03-23T14:16:36.063", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-4645"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450214"}, {"source": "secalert@redhat.com", "url": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494"}, {"source": "secalert@redhat.com", "url": "https://github.com/antchfx/xpath/issues/121"}, {"source": "secalert@redhat.com", "url": "https://github.com/golang/vulndb/issues/4526"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"bugzilla": {"description": "github.com/antchfx/xpath: xpath: Denial of Service via crafted Boolean XPath expressions", "id": "2450214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450214"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` function, leading to 100% CPU utilization and a Denial of Service (DoS) condition for the affected system."], "name": "CVE-2026-4645", "package_state": [{"cpe": "cpe:/a:redhat:openshift_compliance_operator:1", "fix_state": "Affected", "package_name": "compliance/openshift-compliance-operator-bundle", "product_name": "Compliance Operator"}, {"cpe": "cpe:/a:redhat:openshift_compliance_operator:1", "fix_state": "Affected", "package_name": "compliance/openshift-compliance-rhel8-operator", "product_name": "Compliance Operator"}, {"cpe": "cpe:/a:redhat:openshift_file_integrity_operator:1", "fix_state": "Affected", "package_name": "compliance/openshift-compliance-must-gather-rhel8", "product_name": "File Integrity Operator"}, {"cpe": "cpe:/a:redhat:openshift_file_integrity_operator:1", "fix_state": "Affected", "package_name": "compliance/openshift-compliance-openscap-rhel8", "product_name": "File Integrity Operator"}, {"cpe": "cpe:/a:redhat:openshift_file_integrity_operator:1", "fix_state": "Affected", "package_name": "compliance/openshift-compliance-operator-bundle", "product_name": "File Integrity Operator"}, {"cpe": "cpe:/a:redhat:openshift_file_integrity_operator:1", "fix_state": "Affected", "package_name": "compliance/openshift-compliance-rhel8-operator", "product_name": "File Integrity Operator"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-cli-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-dotnet-external-provider-rhel8", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-dotnet-external-provider-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-generic-external-provider-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-java-external-provider-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Affected", "package_name": "mta/mta-solution-server-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/acm-grafana-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "opentelemetry-collector", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "opentelemetry-collector", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "compliance/openshift-compliance-must-gather-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "compliance/openshift-compliance-openscap-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "compliance/openshift-compliance-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/opentelemetry-collector-rhel9", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/tempo-jaeger-query-rhel9", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/tempo-query-rhel9", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/tempo-rhel9", "product_name": "Red Hat OpenShift distributed tracing 3"}], "public_date": "2026-03-17T20:58:59Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4645\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4645\nhttps://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494\nhttps://github.com/antchfx/xpath/issues/121\nhttps://github.com/golang/vulndb/issues/4526"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "matching", "scores": [{"score": 90.0, "source": "matching"}]}, "original": {"product": "Red Hat Advanced Cluster Management for Kubernetes 2", "source": "cna", "vendor": "Red Hat"}, "product": "advanced_cluster_management_for_kubernetes", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Red Hat Enterprise Linux 10", "source": "cna", "vendor": "Red Hat"}, "product": "enterprise_linux", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 96.0, "confidence_source": "matching", "scores": [{"score": 96.0, "source": "matching"}]}, "original": {"product": "Migration Toolkit for Applications 8", "source": "cna", "vendor": "Red Hat"}, "product": "migration_toolkit_for_applications", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 83.0, "confidence_source": "matching", "scores": [{"score": 83.0, "source": "matching"}]}, "original": {"product": "Compliance Operator", "source": "cna", "vendor": "Red Hat"}, "product": "openshift_compliance_operator", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Red Hat OpenShift Container Platform 4", "source": "cna", "vendor": "Red Hat"}, "product": "openshift_container_platform", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 87.0, "confidence_source": "matching", "scores": [{"score": 87.0, "source": "matching"}]}, "original": {"product": "Red Hat OpenShift distributed tracing 3", "source": "cna", "vendor": "Red Hat"}, "product": "openshift_distributed_tracing", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 85.0, "confidence_source": "matching", "scores": [{"score": 85.0, "source": "matching"}]}, "original": {"product": "File Integrity Operator", "source": "cna", "vendor": "Red Hat"}, "product": "openshift_file_integrity_operator", "vendor": "redhat"}], "created": "2026-03-24T10:34:00.892691+00:00", "updated": "2026-03-24T10:34:00.892814+00:00", "vendors": ["redhat", "redhat$PRODUCT$advanced_cluster_management_for_kubernetes", "redhat$PRODUCT$enterprise_linux", "redhat$PRODUCT$migration_toolkit_for_applications", "redhat$PRODUCT$openshift_compliance_operator", "redhat$PRODUCT$openshift_container_platform", "redhat$PRODUCT$openshift_distributed_tracing", "redhat$PRODUCT$openshift_file_integrity_operator"]}