CVE-2026-4645 — Infinite Loop in Azl3 Telegraf 1.31.0-15 ON Azure Linux 3.0

CWE-835 — Infinite Loop3 documents3 sources

Severity

7.5HIGHOSV

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Msrc Azl3 Telegraf 1.31.0-15 ON Azure Linux 3.0 Msrc Cbl2 Telegraf 1.29.4-21 ON CBL Mariner 2.0 Msrc Cbl2 Terraform 1.3.2-29 ON CBL Mariner 2.0

Timeline

PublishedMar 10

Latest updateMar 23

Description

Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions Mariner: Mariner redhat: redhat Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

Affected Packages3 packages

▶msrcmsrc/azl3_telegraf_1.31.0-15_on_azure_linux_3.0

▶msrcmsrc/cbl2_telegraf_1.29.4-21_on_cbl_mariner_2.0

▶msrcmsrc/cbl2_terraform_1.3.2-29_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2026-4645: A flaw was found in the `github↗2026-03-23

▶

📋Vendor Advisories

Microsoft

Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-4645 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶